IIC Journal of Innovation 9th Edition | Page 71

IoT Trustworthiness is a Journey and NOT a Project
• Current levels of reliability and resilience
• Current state of data protection and security, as well as data privacy controls
The Current State evolves over time as the methods and processes put in place to address the trustworthiness requirements take effect and as factors such as system and human errors, lapses, cyberattacks, malicious activities and external influences begin to negatively impact the level of trustworthiness of the system.
Minimum State
This is a non-negotiable level of trustworthiness mandated by external authorities and parties; for example, legal, regulatory and standards bodies, as well as industry best practices.
• To determine the Minimum State level, it will be important to assess applicable laws, regulations, best practices and standards, and evaluate their impact.
• In situations where these requirements may conflict with each other, the organization’s Risk Management and Legal teams may need to be involved to provide opinions and guidance regarding the course of action.
Figure 4: Minimum Requirements defined by external parties
The IIC Industrial Internet Security Framework (section 4.3) discusses some of the legal and regulatory requirements as they relate to Information Technology (IT) and Operational Technology (OT). Another example is OSHA 29 CFR 1910, which covers occupational safety and health standards.
In addition to the above, requirements can have jurisdictional implications and in some cases actual boundaries (Data Residency [12]). In these cases, the methods and processes implemented to empower the trustworthiness of the IoT system must have jurisdictional variations.
[12] www.omg.org/cloud/deliverables/CSCC-Data-Residency-Challenges.pdf