Investigating effective and efficient approaches to trust, assurance and compliance in the ICT market

The EU-SEC project studied ways to improve approaches to trust, assurance and compliance in the ICT market. To achieve its goal, EU-SEC created a framework under which existing certification and assurance approaches in the ICT market could co-exist.

The multinational and multidisciplinary consortium worked to improve the effectiveness and efficiency of existing approaches for assurance and compliance in the ICT market. The three core ideas behind the EU-SEC project were that an effective and efficient approach to trust, assurance and compliance has to:

• Balance the need of nations and business sectors to develop their specific certification schemas, bearing in mind the need to reduce compliance costs

• Avoid humans, namely auditors, doing activities that could be performed by machines (e.g. data collection)

• Ensure that accurate and reliable evidence/information is provided to the relevant people, in a timely fashion, leveraging automatic means as much as possible.

The project’s main outcomes were:

• Multi-Party Recognition Framework

• Continuous Auditing Certification

• Privacy Code of Conduct

Funding

EU-SEC was funded through the European Commission’s H2020 programme under grant agreement 731845. SixSq was funded by SERI under contract number 17.0004.

The project involved nine partners from seven countries:

• Fraunhofer, Germany. Consortium leader.

• Cloud Security Alliance, UK

• Fabasoft Cloud, Austria

• Ministry of Finance, Slovakia

• Ministry of public administration, Slovenia

• NIXU, Finland

• PwC, Germany

• SixSq, Switzerland