1. CRISP final conference 6th CoU Meeting, 16 March 2017
CRISP Final Conference: 16 March 2017
Plenary session
09.00 – 12.30 Agenda Speakers
09.00 Opening of plenary session and welcome Philippe Quevaulviller, DG HOME (organiser CoU meeting)
09.15 The CRISP project and results
Ronald Boon, coordinator CRISP
Ying Ying Lau, project manager CRISP
Netherlands Standardisation Institute
10.15 Data protection and privacy perspective
Paul de Hert, CRISP partner
Vrije Universiteit Brussel, Law and Criminology Department
10.35 Coffee
11.00 Industry perspective
Glen Dale, CRISP Advisory Board Member
Euralarm
11.20 Policy & Standardization perspective
Aikaterini Poustourli, CRISP Advisory Board Member*
*EC DG HOME.B4, since February 2017
11.40 Panel discussion about the CRISP approach
Moderator: Ronald Boon
Panel: Aikaterini Poustourli, Glen Dale and CRISP partners
Jelena Burnik (IPRS), Roger von Laufenberg (VICESSE), Leon
Hempel (TUB), Ying Ying Lau (NEN)
12.15 Concluding Remarks and closing of plenary session Ronald Boon
12.30 Lunch
2. CRISP final conference 6th CoU Meeting, Brussels, 16 March 2017
The CRISP project and results
Ronald Boon, CRISP coordinator
Ying Ying Lau, CRISP project manager
Netherlands Standardisation Institute (NEN)
3. CRISP final conference 6th CoU Meeting, Brussels, 16 March 2017
Introduction to the CRISP project
Ronald Boon
CRISP coordinator
Netherlands Standardisation Institute (NEN)
4. CRISP final conference 6th CoU Meeting, 16 March 2017
Introduction CRISP
Content of the presentation
1. Starting point
2. Development project context
3. Project outline
4. Lessons learned
5. Main results
Security certification needs more more then
tecnical requirements
Next step: testing the CRISP criteria
5. CRISP final conference 6th CoU Meeting, 16 March 2017
Starting point Certification of security systems in EU
The EU security market:
• Highly fragmented
• Absence of common certification
systems
• Limited mechanism for mutual
recognition of national certification
• Slow introduction to new marked
needs and solutions
6. CRISP final conference 6th CoU Meeting, 16 March 2017
Starting point Certification of security systems in EU
Security systems often involve intensive
data processing
• potential breach of citizens freedoms.
Absence of holistic approach to
certification
• socio-legal requirements that show respect
for fundamental rights.
7. CRISP final conference 6th CoU Meeting, 16 March 2017
Development Project Context 2014 - 2017
8. CRISP final conference 6th CoU Meeting, 16 March 2017
European Agenda on Security
http://europa.eu/!cW86Yv
9. CRISP final conference 6th CoU Meeting, 16 March 2017
ECORYS European Security Market – June 2015
Source: Ecorys SSS and BIGS SSS
10. CRISP final conference 6th CoU Meeting, 16 March 2017
Commissioner for the Security Union
16. CRISP final conference 6th CoU Meeting, 16 March 2017
CRISP Mission
The CRISP project mission is to develop an
innovative evaluation and certification
methodology for security systems:
increase citizen trust in security technologies
• through evaluating social impacts of security systems
• certification of systems that comply with the protection of
fundamental rights.
more harmonized playing field for the European
security industry,
• acceptance of security certification across Europe
– no need for re-certification in each country.
17. CRISP final conference 6th CoU Meeting, 16 March 2017
The CRISP project – quick facts
CRISP = Evaluation and Certification Schemes
for Security Products
3 year project: April 2014 - March 2017
Seven partners from seven European countries
19. CRISP final conference 6th CoU Meeting, 16 March 2017
Process
Building blocks
for certification
scheme
Developing STEFi
methodology
Understanding
stakeholders
needs
Researching
current landscape
Glossary and
taxonomy
Stakeholder
consultations
CRISP Advisory
Board
Confidence
enhancement
DPA workshop
Roundtable
certification bodies
Validation and
Scenario-based
workshops
20. CRISP final conference 6th CoU Meeting, 16 March 2017
Lessons learned
Ambitious project; need to narrow the scope
Security systems
First focus on video-surveillance systems
Certification in the field of security will need
broad support and incentive(s)
Challenge to involve European security market
Small consortium, intens collaboration
Stakeholder consultations essential
The proof of the pudding is in the eating
21. Project results
Ying Ying Lau
CRISP project manager
Netherlands Standardisation Institute (NEN)
CRISP final conference 6th CoU Meeting, Brussels, 16 March 2017
22. CRISP final conference 6th CoU Meeting, 16 March 2017
All public project results
D1.1 Glossary of security products and
systems
D1.2 Taxonomy of security products,
systems and services
D2.1 Report on security standards and
certification in Europe – A
historical/evolutionary perspective
D2.2 Consolidated Report on security
standards, certification and accreditation –
best practices and lessons learnt
D3.1 Stakeholder Analysis Report
D4.1 Legal Analysis of existing schemes
D4.2 Ethical expert report on freedom
infringement evaluation
D4.3 S-T-E-F-I based SWOT analysis of
existing schemes
D5.1 Validated CRISP Methodology
D5.2 Report on the scenario based
workshop and the refinement of the CRISP
methodology
D6.1 Final roadmap and implementation
plan
D6.2 Final certification manual
D7.1 Consolidated report on enhancing
confidence and acceptability of new
certification measures
D7.2 CEN Workshop Agreement
D7.3 Interim exploitation plan
D7.4 Final, consolidated exploitation plan
D8.1 Project website
D8.2 Dissemination plan
D8.3 Briefing paper on the proposed
certification scheme and roadmap
D9.3 Ethical approval documents
D9.4 Report on the ethical aspects of the
project
23. CRISP final conference 6th CoU Meeting, 16 March 2017
Key project results
From research…
Glossary and taxonomy of security products and
systems
Reports on security standards and certification in
Europe and third countries
Legal and SWOT analyses of existing certification
schemes
Security certification stakeholder analysis
24. CRISP final conference 6th CoU Meeting, 16 March 2017
Key project results
… to development
Methodology
Standards document: CEN Workshop Agreement
Certification manual
Roadmap and implementation plan
Confidence enhancement
Building blocks for certification scheme
25. CRISP final conference 6th CoU Meeting, 16 March 2017
The methodology
STEFi dimensions
as basis
Evaluation using
STEFi criteria
Multi-dimensional
approach
Multi-stakeholder
approach
26. CRISP final conference 6th CoU Meeting, 16 March 2017
The methodology
Two main phases: evaluation and certification
27. CRISP final conference 6th CoU Meeting, 16 March 2017
Standards document: CWA
What is a CEN Workshop Agreement?
Official standards document
Agreement developed and approved in a CEN
Workshop
Open to the direct participation of all interested parties
Fast and flexible development (average 1 year)
28. CRISP final conference 6th CoU Meeting, 16 March 2017
Standards document: CWA
Scope of CWA
Example in Annex: video surveillance systems
29. CRISP final conference 6th CoU Meeting, 16 March 2017
Standards document: CWA
Challenge:
to come to unambiguous procedures for a multi-
dimensional evaluation that acknowledges the complexity
of the societal context in which security systems operate.
CWA allowed for:
‘Extension’ of consortium by direct participation of
stakeholders
Further development evaluation and consensus building
Further development of annex with example of evaluation
questions and requirements
Expected publication: end of March 2017
30. CRISP final conference 6th CoU Meeting, 16 March 2017
Certification manual
Provides basic information for the future owner
of the CRISP certification scheme
pictures the overall evaluation and certification
methodology
clarifications on roles and responsibilities of all parties
involved
information on (basic) requirements for evaluation
and certification, including existing standards and
legislation
31. CRISP final conference 6th CoU Meeting, 16 March 2017
Certification manual
Scope of the scheme
The scheme will provide rules and requirements for
the evaluation and certification of installed video-
surveillance security systems based on the STEFi
dimensions
For systems in development, evaluation according to
the scheme can be applied
Certification of these systems will only be possible
after installation
32. CRISP final conference 6th CoU Meeting, 16 March 2017
Certification manual
Parties involved in the methodology
Client: any organisation applying for certification
Certification body: offers certification according to
the methodology; in charge of overall process
Evaluation body: contracted by certification body to
conduct an evaluation of the security system
• Project leader: managing the overall evaluation process
• Experts: independent; knowlegde of system and at least one
of the STEFi dimensions
34. CRISP final conference 6th CoU Meeting, 16 March 2017
Certification manual
Crucial factors for future CRISP scheme
Quality of the scheme – simplicity, openess,
transparancy and accreditation
EU wide acceptance, backed by regulatory demands
Support, acceptance and promotion from key
stakeholder groups
Appropriate management
Impartiality
36. CRISP final conference 6th CoU Meeting, 16 March 2017
Roadmap and implementation plan
Key steps of the CRISP timeline
Completion of pilot scheme for video surveillance
systems (2018)
Pilot phase (2019 – 2026)
Development of other standards (2019 – 2023)
Development of extended scheme (2019 – 2024)
Accreditation of scheme (2024 – 2028)
Certification based on extended scheme (2026 – 2028)
37. CRISP final conference 6th CoU Meeting, 16 March 2017
Building blocks for certification scheme
38. CRISP final conference 6th CoU Meeting, 16 March 2017
Future certification scheme
Fills the gap of certification including socio-legal
requirements (STEFi).
CRISP methodology, CWA and other building
blocks provides a good basis for further
development of the certification scheme.
Pilot phase: security systems narrowed down to
video-surveillance
Once piloted and fully implemented, it can be
extended to cover a broader range of security
systems.
39. CRISP final conference 6th CoU Meeting, 16 March 2017
The CRISP results
3 years of research:
(almost) 21 public deliverables
Expected publication of CWA:
end of March 2017
Project results available:
www.crispproject.eu
Hinweis der Redaktion
The project will result in 21 public deliverables
Will not go into each of these deliverables
- Extensive research for more than 1 year, where we did…
Second half of the project to develop the following…
To start with the last one: confidence enhancement
Much effort in stakeholders consultations
On one side get input/feedback
On other side (especially in the second half of the project) to enhance confidence in the proposed methodology and scheme
Will not go into detail in this presentation panel discussion
Will go into the first 4 project results
STEFi stands for…
S = technical
T = experience and perception of users
E = economical
Fi = relates to impact on freedom & rights of individuals
Evaluation approach that integrates different dimensions in order to ensure that all relevant aspects and stakeholder perspectives are addressed.
From the dimensions, STEFi criteria have been defined
The methodology consists of two phases…
Follows widely accepted approach to conformity assessment based on international standards (ISO/IEC 17000 series)
Each phase has two or three stages
Evaluation
In the evaluation phase the STEFi approach is applied during the assessment stage, on the basis of assessment questions.
The outcome of the evaluation is a report providing an overview of all criteria
This report is the basis for the certification body in the certification phase
Certification
The certification phase comprises an assessment of the (report of the) evaluation phase and its results against applicable requirements.
If assessment is positive certificate given provides assurance that the security system is in accordance with all applicable requirements, including the various stakeholder’s perspectives.
For certification, it will be needed to have a clear description of the evaluation phase, the STEFi approach and assessment questions. No existing standards as this is a new development, so CRISP developed this standard.
There are different types of standards.
The most appropriate type in this case is a CEN Workshop Agreement.
Most attractive of CWA is relatively fast development (compared to EN standard = 3 years)
One of the key results is a CWA
Scope of CWA: title
The evaluation process is generic for security systems
For the Annex to have an example for the evaluation questions and requirements, video-surveillance systems is taken as security system.
Challenge: How to evaluate the evaluation? From ‘multi-multi’ to unambiguous, From context specific to generic, From criteria to requirements
Small consortium of 7 partners, extended by 16 other stakeholders (of which half is registered, other half not) that contributed to the document (e.g. CLC/TC 79, CBs, research institutes, end users, etc.)
Hard work, high ambition: start of CWA end of June, publication expected soon (will be done by CEN).
Next key result is the certifcation manual
In addition to methodology and CWA, this document will say how the scheme should work
The certification scheme is complementary to existing schemes and standards and not competing with them.
Some items in Certification Manual:
Scope
Roles
Procedure
Crucial factors scheme
Need to focus as the scope of project for ‘security systems’ is too broad.
Video-surveillance systems many standards existing, well developed area (therefore also the example in CWA)
TARGET GROUP OF THE SCHEME
End users of the relevant systems, e.g. “local authorities, emergency organisations, transport operators, law enforcement authorities, retail organisations, health organisations and educational organisations.”
Procedure from application to certification
Quality
certification procedures shall be as simple as possible.
Testing procedures must be robust and should not allow variations
In terms of transparency and clarity, the univocal wording of all documents regarding the assessment, methodology and certification process is essential.
open to any interested organisation
accredited in order to achieve the necessary level of trustworthiness, quality and acceptance.
EU wide acceptance
The recently adopted General Data Protection Regulation, incentivising the development of data protection certification schemes, is an important driver for market demand and added value of the scheme.
seize this opportunity by bringing CRISP certification in line with GDPR-accredited certification schemes, which also means finalising a scheme that will be accepted in all EU countries.
Support
Strong and visible support from key stakeholders, such as the European Commission, national authorities, the industry and security industry bodies (e.g. Euralarm), regulators and certification bodies is a critical factor for the success of the future CRISP certification scheme.
Appropriate management
Scheme must be kept up to date with a periodic review to ensure its relevance
Oversight mechanisms must be in place to assure consistency of the scheme, relevance of criteria and validity of certifications
Impartiality
- The independence of personnel can be safeguarded with impartiality agreements between the scheme owners and the personnel.
- Next building block: Roadmap until 2028 and implementation plan
Estimation, but shows that a certification scheme is not ready tomorrow
Will highlight the key steps
current evaluation methodology focus on installed video surveillance systems to start with.
Once piloted and fully implemented, it can be extended to cover a broader range of security systems.
More indept info on STEFi and content of CWA – workshop
Learn more about standardisation and certification - workshop
- Innovative approach
All credits for the hard work goes to the partners.