The starting point for CRISP (Evaluation and Certification Scheme for Security Products) project was the fragmented nature of the security market in Europe, which acts as a barrier to its future growth. The market includes very different types of products and services, which are supplied by different stakeholders and regulation and law surrounding their use differ between European countries. There is also lack of transparency of certification efforts, which means that security products and systems need to be re-certified in each European country before they can be marketed. This delays innovation reaching the market and puts an administrative and financial strain on businesses working within this field. The European Commission has identified standardisation and certification as action points that can be used to contribute to harmonisation across the field. To contribute toward this effort the CRISP project aimed to produce building blocks for a new Pan European certification scheme that focuses on assessing the social impact and effectiveness of security systems and thus enhance current certification efforts, which mostly target assessment of the technical requirements of security technologies. The CRISP evaluation method should also contribute to measures that aim to increase citizen trust and confidence in security technologies.
One of the key building blocks is the The CRISP CEN Workshop Agreeement (CWA) on “Guidelines for the evaluation of installed security systems based on the STEFI dimensions” (CWA 17147): 2017 05, The CWA was published by CEN in May 2017 and is available free of charge on the CEN-Cenelec website. The CWA is a best practice document for further standardisation efforts and input for the development for the future CRISP certification scheme.
The CWA 17147 allows all interested parties to understand and apply the CRISP STEFi approach to installed security systems, with an example included for video surveillance systems. STEFi stands for Security, Trust, Efficiency and Freedom infringement, and the methodology integrates these dimensions in its evaluation phase. This is an innovative approach as certification has, to date, primarily focused on the evaluation of technical requirements for security systems.
The overall objective of CRISP was to enhance existing security evaluation and certification schemes by offering an innovative evaluation methodology that integrates the security, trust, efficiency and freedom infringement assessment dimensions.
In relation to this overall objective CRISP:
1. Created a taxonomy of security products and systems, concepts of operations, application areas, performance and set out criteria for comparing security products and systems.
2. Provided a historical perspective on security standards and certification in Europe and analyse the state of the art in security standards, certification and accreditation at the Member State, regional and international level.
3. Identified and determined the role of different stakeholders, gauged their views on the challenges affecting security certification and determined requirements for a harmonised EU-wide approach.
4. Examined the core dimensions (security, trust, efficiency, freedom infringement) of security product certification and present the requirements for enhancing existing evaluation and certification schemes.
5. Presented a certification methodology, policy and procedures for security products, test-drive, evaluate and refine it.
6. Presented a roadmap for adopting the proposed certification scheme and work towards enhancing acceptance of the new certification measures.
Trilateral was the deputy co-ordinator of the CRISP project and led WP3 on Stakeholder Analysis in Security Certification and WP8 which oversaw the dissemination and communication of CRISP findings.
CRISP partners delivered over 20 outputs from their project work, the key ones being:
The CRISP consortium worked hard on targeted communication and awareness raising among stakeholder groups in Europe. In the first part of the project, the CRISP partners conducted extensive research into security certification, standardisation and accreditation, and performed analysis of existing certification schemes, as well as researching the needs of stakeholders within security certification. All these provided the foundation for the development of the STEFi evaluation methodology.
Stakeholder engagement throughout the project was extensive and consistent. Several organisations have followed the CRISP project from the start and showed interest in the development and final results. The CRISP consortium provided the building blocks for a new certification scheme and provided guidance (certification manual, roadmap, and exploitation plan) on how an organisation can further develop these and provide additional building blocks to first pilot and then to implement the full scheme. A few organisations have expressed interest in taking the project results further.
The CRISP scheme, once established, will contribute to harmonisation efforts across Europe and extend certification efforts to focus on the social implications of security technologies. By having a CRISP certificate, those who provide security services or employ security technologies at their locations, can demonstrate that the protection of fundamental rights of persons have been taken into consideration, as well as data protection principles.
For more information, please visit project’s website www.crispproject.eu .
The CRISP project received funding from the European Research
and Innovation programme FP7 under grant agreement number 607941.