Accreditation as a root of trust for digital developments
Under the motto “Accreditation: Empowering Tomorrow and Shaping the Future”, this year’s World Accreditation Day 2024 calls attention to the opportunities and challenges of pioneering developments in a world in transition. When it comes to issues such as information technology, cybersecurity and artificial intelligence, accreditation already plays an important role today and will continue to do so in the future. So how can the instrument of accreditation create trust in new technologies and digital trends?
Considerable parts of administration, organisation, communication and entertainment are implemented on the basis of information technology (IT). The shift to cloud-based services, greater device connectivity and more and more data processing require organisations to manage their digital risk, security and operational reliability. Devices that are connected to the Internet also increasingly need to be protected by security solutions against attacks on the information they contain. Because cyber threats are growing all the time and companies around the world need to protect themselves against increasingly sophisticated attacks. On top of that, both the opportunities and the challenges presented by the rapid development of artificial intelligence (AI) also require practicable solutions in the area of quality infrastructure.
In all of these areas of technology, the development of requirements and their verification by accredited conformity assessors is an important root of trust. In Germany, Deutsche Akkreditierungsstelle (DAkkS) is the body responsible for accreditation of the stakeholders operating in this sector.
Conformity assessment of information technology matters
In information technology (IT), accredited conformity assessment bodies are of fundamental importance for the testing and certification of products. Certifications of information security management systems (ISMS) in accordance with ISO/IEC 27001 and IT service management in accordance with ISO/IEC 20000, or testing of accessibility and ergonomics for software or hardware, are just some examples of the range of attestations of conformity in this sector. Objective determination of the competence of stakeholders through accreditation is an important instrument for promoting responsible and trustworthy conformity assessments in the IT sector.
Cybersecurity Act as an EU-wide body of rules and regulations for cybersecurity
Confidentiality, availability and integrity – these are the protection objectives that define the requirements placed on technical and non-technical systems for information processing, retention and storage. The Cybersecurity Act (CSA) is the EU-wide framework for voluntary security certification of IT and OT products. It was drawn up as part of a comprehensive package of measures to enhance cybersecurity and strengthen resilience against cyber attacks in the European Union. However, in addition to the accreditation of IT security laboratories and certification bodies required for this purpose, there are also other important conformity assessment activities in the area of cybersecurity, such as the Federal Network Agency’s conformity assessment scheme for operators of energy networks and systems.
The market is highly dynamic, and marked by constant evolution and adaptation to new threats. In response, the importance of accreditation for cybersecurity will also be stepped up by the upcoming Cyber Resilience Act. In addition, the revision of ISO/IEC 27006-1:2024 will set new standards for the conformity assessment of information security management systems and will be quickly implemented by DAkkS.
Artificial intelligence as an important trend in digitisation
One of the most important digital trends is the rapid development of artificial intelligence (AI), which is being used in more and more industries. Here, the opportunities and the potential of AI that is now already being exploited on the one hand, and its risks on the other, are leading to a race between governments for regulation and to an ever greater need for international consensus. Because they reflect the needs and requirements of all stakeholders and offer global best practices, international standards can be a valuable tool for the responsible use of AI.
DAkkS is currently actively involved in the development of the ISO/IEC DIS 42006 standard (Artificial intelligence – Requirements for bodies providing audit and certification of artificial intelligence management systems). The EU Commission and CEN/CENELEC are planning to include ISO/IEC DIS 42006 in their work programme and use it to generate a European standard.
Background
Initiated by the International Accreditation Forum (IAF) and the International Laboratory Accreditation Cooperation (ILAC), the annual World Accreditation Day held on 9 June serves to highlight the role of accreditation in the safety and quality of products and services, and in consumer protection and international trade.