10 key principles to ensure adoption of digital security

Central to the Charter of Trust are the ten principles to ensure the adoption of digital security. These principles revolve around the protection of data, people and organisations, and allow the partners to collaborate effectively as they create a secure digital world.

10 Key principles 

The ten principles of the Charter of Trust are: 


1. Ownership of cyber and IT security

Anchor the responsibility for cybersecurity at the highest governmental and business levels by designating specific ministries and CISOs. Establish clear measures and targets as well as the right mindset throughout organisations – “it is everyone’s task”.


2. Responsibility throughout the digital supply chain

Companies and, if necessary, governments must establish risk-based rules that ensure adequate protections across all IoT layers with clearly defined and mandatory requirements. Ensure confidentiality, authenticity, integrity and availability by setting baseline standards such as:

  • Identity and access management: Connected devices must have secure identities and safeguarding measures that only grant access to authorised users and devices;
  • Encryption: Connected devices must ensure confidentiality for data storage and transmission purposes, wherever appropriate;
  • Continuous protection: Companies must offer updates, upgrades and patches throughout a reasonable lifecycle for their products, systems and services via a secure update mechanism. 

3. Security by Default

Adopt the highest appropriate level of security and data protection and ensure that it is pre-configured into the design of products, functionalities, processes, technologies, operations, architectures and business models.


4. User-centricity

Serve as a trusted partner throughout a reasonable life cycle, providing products, systems and services as well as guidance based on the customer’s cybersecurity needs, impacts and risks.


5. Innovation and co-creation

Combine domain know-how and deepen a joint understanding between firms and policymakers of cybersecurity requirements and rules in order to continuously innovate and adapt cybersecurity measures to new threats; drive and encourage contractual Public Private Partnerships, among other things.


6. Education

Include dedicated cybersecurity courses in school curricula – as degree courses in universities, professional education and trainings – in order to lead the transformation of skills and job profiles needed for the future.


7. Certification for critical infrastructures and solutions

Companies and, if necessary, governments establish mandatory independent third-party certifications (based on future-proof definitions) for critical infrastructure as well as critical IoT solutions.


8. Transparency and response

Participate in an industrial cybersecurity network in order to share new insights, information on incidents et al.; report incidents beyond today’s practice, which focuses on critical infrastructure.


9. Regulatory framework 

Promote multilateral collaborations in regulation and standardization to set a level playing field matching the global reach of WTO; inclusion of rules for cybersecurity into Free Trade Agreements (FTAs).


10. Joint initiatives

Drive joint initiatives including all relevant stakeholders in order to implement the above principles in the various parts of the digital world without undue delay. 



Benefits of the Charter of Trust

By collaborating with the Charter of Trust, organizations are able to reap a number of benefits:

  • Synergy: Working together with leading global organisations in achieving Cyber Security.
  • Harmonisation: Harmonisation of global standards, norms and best practices to tackle the challenge of global vs local regulations and standards by creation of baseline Cyber Security Requirements.
  • Knowledge transfer: Exchange between various organisations across industries on Cyber Security best practices and domain know-how.
  • Increased awareness: Raising awareness of Cyber Security risks and best practices used in several organisations.
  • Influencing adoption: Increasing adoption of Cyber Security Requirements across companies and their global value chains. 




Security by Default is a principle that ensures that security is considered right from the start of the design of a product, a process or even a business model. The objective is to define critical cyber security requirements needed to deliver secure products, processes, services and business models in line with current standards and best practices. These must also be verifiable in order to provide assurance that the requirements are adequately met.

This principle is divided into three phases:

Phase 1: Products, Functionalities and Technologies

Phase 2: Processes, Operations and Architectures

Phase 3: Business Models

The Charter of Trust defines a list of 19 Security by Default features, showcased in an accompanying infographic.
