CRISP and HECTOS projects - key findings

CRISP Final Conference – 16 March 2017 6th CoU Meeting, Brussels

Research approaches in standardisation and certification: CRISP and HECTOS

Ying Ying LauProject manager CRISP

Netherlands Standardisation Institute (NEN)

Anders Elfvingcoordinator HECTOS

Swedish Defence Research Agency (FOI)


Today

The HECTOS project: quick overviewThe CRISP project: quick overviewResearch approaches in certification

HECTOS CRISP

Research approaches in standardisation HECTOS CRISP


The HECTOS project: quick overview (1)

September 2014 – January 2018Support harmonisation of the European market by

producing a roadmap for the development of Harmonised Certification schemes for Physical Security Products

http://www.fraunhofer.de/en.html










The HECTOS project: quick overview (2)


The CRISP project: quick overview (1)

CRISP = Evaluation and Certification Schemes for Security Products

3 year project: April 2014 - March 2017 Seven partners from seven European countries


The CRISP project: quick overview (2)

Mission: to develop an innovative evaluation and certification methodology for security systems, which:

Contributes to measures that increase citizen trust in security technologies through evaluating social impacts of security systems and certification of systems that comply with the protection of fundamental rights.

Contributes to a more harmonised playing field for the European security industry, through acceptance of security systems across Europe, with no need for re-certification in each country.


The CRISP and HECTOS projects

Common view on high level objectives Harmonisation of certification schemes Making use of standardisation Contributes to harmonised playing field for the European

security industry

Different focus CRISP: Security systems, holistic approach HECTOS: Security products, technical approach

Different research approaches


Certification in HECTOS (1)

The diverse technologies and applications for physical security products is a challenge

Many schemes are needed - but in a Framework for harmonised certification schemes for security products

The HECTOS Framework is based on the ISO/IEC 17000 CA standards series, adapted and supplemented by features to support the special requirements of security products

Adversarial testing, classified information, rapid evolving threat/requirements, complex performance information are examples of security-specific aspects


Certification in HECTOS (2)

Guided by Biometric and E&Wproduct case studies

HECTOS will present a high-level roadmap supporting the implementation of the scheme Framework to progress towards EU harmonised security product

certification


Certification in CRISP (1)

Absence of holistic approach to certification: inclusion of STEFi criteria

Scheme complementary, not competing Overall scheme (‘umbrella’), not replacing existing schemes or

standards Based on conformity assessment standards CRISP developed ‘building blocks’ for the certification

scheme for security systems Crucial building block is the CEN Workshop Agreement (CWA)

Next steps towards certification Development of assessment criteria (certification body) Identify scheme owner


Certification in CRISP (2)


Research approaches to certification

CRISP Based on conformity

assessment standards ‘Overall’ certification scheme

(complementary, not competing)

Holistic: including trust and socio-legal requirements

Developed CWA as basis for certification

For security systems

HECTOS Harmonised framework for

security product certification is based on ISO 17000

Adopt succesful features of existing systems. Adapt special requirements of security products

Biometric and Explosives & Weapons case studies

Test & Evaluation focus; where there are major differences between types of products


Standardisation in HECTOS

Standards as source of information Review of standards landscape for security products

Identification of • most relevant standards• types of standards• types of requirements• areas of missing or multiple standards

Identify stakeholder requirements for standards Standardisation to promote key research result

Liaison with CEN/TC 391 Societal and Citizen Security HECTOS will propose future standardisation activities Based on HECTOS harmonised scheme framework


Standardisation in CRISP

Standards as source of information Development of glossary and taxonomy – make use of

standardised terms and definitions Review of standards, certification and accrediation for security

products – analyse state of the art Input for STEFi criteria– identify existing standards that have

specific potential us (no need for reformulating requirements) Standardisation to promote key research result

Development of CWA ‘Guidelines for the evaluation of installed security systems, based on the STEFi dimensions’

Standardisation to engage stakeholders CWA = open workshop for all interested parties Use network of standardisation institutes


Approach to standardisation

CRISP Much knowledge is in standards

which can be used in the development of requirements

Standards provide a good basis for development of certification scheme

Developing the CWA has ‘pushed’ the project to present the key research result in a clear and unambiguous way

HECTOS Understanding the standards

landscape and requirements for standards have been important input to development of the HECTOS framework and roadmap

HECTOS plan to present the harmonised scheme framework as a proposal to the standards community


Summary

Research approaches in standardisation and certification: CRISP and HECTOS Towards harmonised certification schemes for European security

market Use conformity assessment standards as basis for development

of certification scheme Standards as useful source of information Standardisation to promote key research results

CRISP and HECTOS projects - key findings

Science

Transcript of CRISP and HECTOS projects - key findings