The cliché of the world being in constant development and change is well known and accepted. What’s needed, however, is a need for businesses and authorities to keep up with these changes, or rather preempt them by coming up with innovative solutions to these constantly changing challenges. This is what the Malta Digital Innovation Authority had in mind when announcing public consultation sessions with regards to their Technology Assurance Assessment Framework (TAAF).
Now, for the uninitiated, it might sound like a hugely technical article is about to follow this statement, and while that may be true in some parts, we’ve tried to make it as simple as possible to follow to help you understand whether you’re in need of the MDIA’s services and which services in particular
Offering digital solutions? Listen up…
Part of the MDIA’s vision is to help develop and deploy innovative technology, of which certification is a key component. Having a digital solution in the market is well and good, but if it’s got the MDIA’s badge of trust, so to say, it shows that the product has been vetted by a panel of experts across different parameters and controls.
Now, what TAAF will aim to do, as per the mission statement, is “provide varying levels and tailored technical assurance to a wide spectrum of Innovative Technology Applications operating with different risk appetites, with the objective of ensuring maximum insurance value to solution stakeholders”. What this translates to in plain English is that the MDIA, through TAAF, will be able to provide feedback and improvement to owners of technological products with a view to help them release as good a product as possible.
That results in not just the business coming up with a profitable end product, but also a functional service that people can purchase. At the end of the day, the stakeholders are all those in some way connected to the product, whether that’s at conception, sale or purchase.
This framework is key because technologies are developing and changing at faster rates than ever, so change is needed as these new technologies develop. This means that the solutions provided to businesses, and from businesses to their clients need to keep up with that pace, and the best way of doing this is by having specific disciplines for each industry as required. The days of taking a one-size-fits-all approach have long since died out, and specificity and niche are most certainly the way forward.
Here’s why TAAF is the way forward
This framework will provide technological assurances to a wider variety of technologies, like hybrid tech composed of both innovative and traditional tech operating in different sectors, specific tech disciplines as well as sector-specific custom assurance in collaboration with the respective authorities and entities relating to that particular sector.
There are plenty of benefits to the TAAF. Primarily, applicants will gain a competitive advantage while ensuring regulatory compliance for a variety of fields. Using it will also significantly reduce enterprise risks, enhance your corporate brand by having the MDIA certification.
There are three TAAF assessment types, namely the Custom Certification, the Industry-Specific Certification and the Self Assessment Recognition. The custom allows for a wide variety of solutions to be assessed on controls subject to different tech domains, associated market sectors and applicable regulations. Ultimately, certification will be awarded based on the overall information security and operational risk oversight.
The industry-specific certificate will require interested enterprises to be assessed on agreed controls which would be in line with regulations set by the respective local authorities and entities. Same as above, the certificate is received depending on how the applicant scores in terms of overall information security and operational risk oversight.
The self-assessment recognition, as the name implies, is not a certification, but it allows applicants of pre-established tech themes to assess their enterprise maturity level over specific technologies. What this does is provide insight and assistance for potential areas of improvement and provides a form of recognition award for the applicants efforts to align.
Self assessment is not a free shot
The term might imply that it’s kind of the easy way out of an organisation getting the MDIA’s aforementioned badge of trust, but there’s a subteam working on the control objectives for e-commerce self-recognition intended to cater for local companies that sell their services online. The control objectives are being listed and are being defined in terms of guidelines.
Even if the applicant in question does achieve the recognition, it’s still only valid for a finite period. It will be easy to obtain in terms of applying online and so on, but there will be a digital timer advising the MDIA and the applicant when it’s nearing its end. In the meantime, the MDIA will also be carrying out random checks to ensure that the owner of the technology is implementing exactly what they detailed in the assessment.
Self-assessment is not something new to the industry, with the success of similar assessments being done internationally. It helps smaller players get some form of certification that does not break their bank. It’s important to have such recognition for their technology, and eventually, it will become a competitive advantage.
Get in touch
You are absolutely forgiven if you think that all of this information is a little bit too much, so, if you’re looking for a little bit, or a lot more, clarification, get in touch with the MDIA today and see if your business solution is eligible and where you can improve.