François Chung, Ph.D.

Tag: regulatory compliance

ISO 9001 & ISO 27001

Advisera training, MOOC (2022). These two online courses cover the key information needed to understand both the ISO 9001 (quality management) and ISO 27001 (information security) standards, including their requirements, best practices for compliance and how to implement them in any type of business. The courses are designed for beginners with no prior knowledge of quality management, information security or ISO standards.

ISO 9001: Quality management

Main topics:

  • Introduction to ISO 9001;
  • The planning phase;
  • Operations;
  • The Check and Act phases.

ISO 27001: Information security

Main topics:

  • Introduction to ISO 27001;
  • The planning phase;
  • Risk management;
  • The Do phase;
  • The Check and Act phases.

Digital identity wallet

Zetes project @Brussels, Belgium (2022). For many years, transactional and online services have assumed that end users work from devices such as desktop computers and laptops. Solutions for remote identity proofing and digital signatures have therefore been designed around the characteristics of those devices. However, such devices are increasingly being replaced by mobile devices such as tablets and smartphones, which raises new challenges.

For example, smart cards and tokens, which are typically connected to desktop computers and laptops through USB readers, cannot easily be connected to smartphones, or cannot be connected at all. Furthermore, with developments in cloud computing, solutions have emerged in recent years where the digital signature creation process is carried out in a distributed way by different systems that may be controlled by different actors.

This is why recent standards have introduced the concept of mobile identity (e.g. a driving licence associated with a mobile device) and of electronic signatures created using a remote signature creation device (i.e. the signature creation device is replaced by cloud-based services offered and managed by a trusted service provider). Both can be made available to the end user through a digital identity wallet in the form of a smartphone app.

The related standards are:

  • ISO/IEC 18013-5:2021 - Personal identification, ISO-compliant driving licence, Part 5: Mobile driving licence (mDL) application;
  • ETSI TS 119 432 - Electronic Signatures and Infrastructures (ESI), Protocols for remote digital signature creation;
  • CSC standard - Architectures and protocols for remote signature applications.

In this project, my tasks are first related to the analysis of these standards so as to investigate how they could be implemented in practice and what their impact is on the project scope. Then, my tasks are related to the analysis of business needs (whether internal or from the customer), software implementation (e.g. software releases and documentation) and project management (e.g. project coordination with the customer).
