Conformity Assessment Scheme: Digital Trust for Public Sector Bodies, Regulated Programs, and Industry Services
FOR THE LATEST CHANGES, PLEASE VISIT THE REPOS ON OUR NEW DIGITAL GOVERNANCE COUNCIL PAGE
Quick Link to Assessment Schemes
Certification Main Scope
The main scope of certification is Digital Trust This main scope is intended to be applied in the broader context of digital trust comprising of organizational capabilities along with technological capabilities working together to provide an overall confidence in a product, process, service, or any defined activity or undertaking. This main scope is also designed to recognize applicants who have obtained and are maintaining certifications that they are: 1) abiding by agreed-on principles and, 2) meeting specific requirements that they can be regarded as trusted actors within the digital ecosystems within which they operate. The main scope is also intended to streamline the commonalities across domains, reducing duplicative requirements.
Depending on the context, the main scope may be tailored for certification, for example:
- Recoginition of and adherence to existing standards, regulations and legislation
- Adaptation to the relevant context of digital ecosystems and communities
- Accomodation of needs of specific stakeholders
Certification Sub-Scope
Due to the complexity of digital trust and evolving nature of the area, it is recognized that certifications may be relevant in multiple domains. Depending on the size and risk level of the applying organization and the resulting class level assigned (see Class Levels section), organizations may be required to demonstrate trust in more than one domain. However, organizations are not limited to the domains in their assigned class levels and are welcome to apply for as many sub-scopes as they deem appropriate. Each sub-scope achieved by an organization will be displayed on their certificate as per the terms of use.
To facilitate the broad area of digital trust, yet allow for meaningful and targetted conformity assessments, certification scheme includes sub-scopes which correspond to a practice area or an operating domain of the applying party. As thes different area require different expertise, requirements and regulatory considerations, the sub-scopes are intended to demonstrate the applying parties’ established level of trust in their field.
Domains that are defined as sub-scopes, include, but are not limited to:
- Digital Identity
- Data Governance
- Open Banking
- Cybersecurity
- Sustainability (Green IT)
- Technology Ethics
- Artificial Intelligence
For more details please go to the Assesment Schemes Page
Certification Specialization
Specialization, in addition to a sub-scope allows for a narrower focus on a specific area of conformity assessment that requires a detailed and specialized assessment of a targeted area of management, capability, product or process. Depending on the nature of the specialization, it may or may not be part of a certification scope or certification sub-scope.
Certification Assessment Class Level
Certification is the formal outcome of a conformity assessment. However, certification is not a binary case of conformining or non-conforming. Many factors may be involved in determining the scopeDuring the certification process, the conformity assessment scheme may be tailored to indicate and accomondate the following:
This tailoring is formalized by means of determing an Assessment Class Level
Final Certificate Scope, Sub-Scope, Specialization and Tailoring
| Component | Description | Details |
|---|---|---|
| Main Scope | Digital Trust | This will be the main scope in all cases, with rare exceptions |
| Sub-Scope | Specified from the list above. | In the majority of cases, it will be one sub-scope only |
| Focus/Specialization | A specific area of conformity assessment | Depending on the nature, a specialization may, or may not be, part of a Main Scope and/or Sub-Scope |
| Assessment Class Level | Based on assessment approach | Based on entity class and risk impact level |
| Caveats | Caveats | Provided by the issuing authority on how the certificate may be used or restricted |
Validation and Verification
This conformity assessment scheme may be applied in conjunction with ISO/IEC 17029:2019 Conformity Assessment for activities relating to performing validation/verification as conformity assessment activities.
Conformity Assessment: A Primer
Conformity assessment scheme documents available for direct download are found in this folder. As these documents are subject to change, please note the commit details when you download. Alternatively, you can fork or: git clone https://github.com/CIOSC/CAS-Digital-Trust.git to maintain your own copy of the repository.
A Primer Document is being developed for those who are unfamiliar with the standards development and certification process.
An Orientation Video to guide users around the various pieces of the repository (subject to change)
An Overview Video describing the global context and the benefits to the public sector: [Accreditation: A global tool to support public policy]
Link to Scheme Manual
If you are interested in piloting a CIOSC standard for inclusion into the conformity assessment scheme, please contact us.
