Twitter: @KantaraNews
LinkedIn: @KantaraInitiative
In response to your comments in this vein Kay (IAWG mtg 2023-10-05), the two first thoughts into my head are:
1) Secure the TSL. This document is fundamental to KI’s being and a lot of parties (Approved CSPs, Accredited Assessors and those seeking the services of those listed on it) rely upon its integrity and availability. Our TSL follows the principles of the Trust List defined in the attached ETSI standard. However, it is not hosted as an electronic list in the manner described in that standard and therefore it is not cryptographically signed nor machine searchable. The standard goes into some depth to describe the purpose and structure of each element plus it allows for list-owner specific extensions where required. I daresay there are apps which can support the populating and provisioning of such lists, though I’ve not recently explored this.
The key point however is that we would have a secure digitally-signed list in a manner which adopts a defined standard, which is what we’re all about.2) Getting certified against IS27001 wouldn’t be a bad idea. Lead from the front!
Happy to contribute further in exploring these points.
Richard G. WILSHER
CEO & Founder, Zygma Inc.
www.Zygma.biz
+1 714 797 9942