[Change]: Accreditation mapping

[JimMadge]

Summary

Explain the bidirectional mapping between SATRE and important, existing accreditations

Source

Collaboration Café (Usability and implementation 2023-07-20)

Detail

Break out room discussion around important, existing accreditations identified as particularly important,

• ISO27001
• DSPT
• Digital Economy Act
• Caldicott principles

A strong theme that emerged was,

• A specification/standard/accreditation for TREs would be useful, existing accreditations do not make a system a TRE.
• However, it should not conflict with existing accreditations and the relation to them should be clear.

Introducing 'yet another standard' will create extra work for those who go through the process of assessing their systems against those standards. On top of being compatible, having a clear mapping between requirements in SATRE and those is important accreditations will make the process of becoming SATRE compliant easier and more attractive.

An ambitious but excellent goal here would be to arrive at a bidirectional mapping between SATRE and, say, ISO27001 that would enable simplified assessments such as,

• If you already have ISO27001, you already meet SATRE requirements A, B and C. Here are the additional requirements you need to meet to become SATRE compliant.
• If you already have SATRE, you already meet ISO27001 requirements A, B ad C. Here are the additional requirements you need to meet to become ISO27001 compliant.

Where

No response

Proposal

No response

Who can help

No response

[Davsarper]

Just linking the related collab cafe #182