IoT Trustworthiness is a Journey and NOT a Project
In this diagram, the path of the Current State (red line) navigates around (and above) the
minimum compliant level requirements, their timelines, the corporate strategic mandates, and
the implementation resources that made available for this effort. The path has multiple distinct
segments, which will be explored in the next sub-sections.
Become Compliant… [1] - [2a]
This segment of the journey starts with the initiation of the IoT trustworthiness effort and ends
when the Minimum mandatory requirements are met.
Following the assessment of current and minimum states of trustworthiness, the organization
may determine that it is at risk of non-compliance with its mandatory minimum requirements. It
must now implement a project with an accelerated schedule to raise the level of trustworthiness
of a system to become compliant with these minimum requirements:
The vertical distance between points [1] and [2a] in the diagram represents the gap in
trustworthiness to be covered
The horizontal distance between these points represents the expected project timeline
to achieve this level of compliance
In this segment of the journey, the ROI may not be the primary concern. However, the
organization will want to aim at reaching point [2a] in the most effective and cost-efficient way.
Meet Internal Mandates… [2a] - [3a]
Once point [2a] in the journey is reached, the organization may decide to continue its effort to
raise the levels of trustworthiness to [3a]. The drivers for this segment are internally-defined and
self-imposed:
The corporate vision may mandate higher standards for trustworthiness
The product/marketing group may want to better position its offering vis-à-vis its
competition
The risk management and legal groups may set higher standards for trustworthiness
The technical roadmap may dictate alignment and timeline requirements for this
segment
In this segment of the journey, ROI should be one of the primary concerns. In other words, the
internally-defined drivers must have sound financial justification.
Comply with Upcoming Requirements… [3a] - [3b]
In anticipation of upcoming changes to the requirements 25 [2b], the organization may proactively
raise the level of trustworthiness of its IoT system to [3b] to meet these new requirements. As
25
Example: changes in regulations.
- 70 -
IIC Journal of Innovation