SAN FRANCISCO, Calif – The Online Trust Alliance (OTA) today formally ratified and released the Internet of Things (IoT) Trust Framework. The Framework is the first global, multi-stakeholder effort to address IoT risks comprehensively including 30 principles providing guidance for device manufacturers and developers to enhance the security, privacy and sustainability of their devices and data they collect.
OTA’s IoT Trustworthy Working Group (ITWG) was established in January 2015, chartered with development of an IoT Trust Framework to address security, privacy and life-cycle sustainability in IoT products and services. The initial scope of this initiative focuses on 1) connected / smart home products and 2) consumer facing health and fitness wearable technologies.
The IoT Trust Framework is a globally collaborative effort reflecting 12 months of drafts and calls for public comment. The Framework reflects feedback from nearly 100 US and international companies and organizations ranging from major retailers and device manufacturers, to security and privacy subject matter experts, to consumer testing and advocacy organizations, to academia, government and law enforcement. This multi-stakeholder effort is a major step forward in what may ultimately serve as a foundation for an international certification program.
"The framework demonstrates the ability of the public and private sectors to coalesce and develop meaningful and actionable guidelines, enhancing security and privacy practices globally," said Craig Spiezle, Executive Director and President of the Online Trust Alliance. "Adopting the Framework, is a step towards realizing the promise of IoT and making security and privacy competitive product features."
The IoT Trust Framework will be released today presented at the RSA Conference 2016 in San Francisco in the OTA’s panel discussion "Diffusing the IoT Time Bomb: Security and Privacy Trust Code of Conduct." Panelists included Brian Witten, Sr Director, Internet of Things, Symantec; Paul Plofchan, Regulatory Affairs, Chief Privacy Officer, ADT and Harvey Anderson, Chief Legal Officer and Chief Privacy Officer, AVG Technologies along with Craig Spiezle, Executive Director and President, Online Trust Alliance, (OTA) as moderator.
OTA IoT Framework Goals
- The improvements to the newly revised framework further advance OTA’s and its partners’ key objectives:
- Deliver guidance to manufacturers and developers to help reduce attack surface and vulnerabilities, and adopt responsible privacy and data stewardship practices.
- Drive the adoption of security, privacy and sustainability best practices, embracing “privacy and security by design” as a model for a voluntary, yet enforceable code of conduct.
- Provide positive affirmation and recognition to companies, products, and retailers who embrace the code of conduct and meet minimum standards.
- Publish the criteria and mechanisms leading an enforceable code of conduct and certification program.
To assist in the implementation and adoption of the framework, OTA provides a companion IoT Trust Framework Resource Guide with expanded explanations, examples, best practices and resources. To review the IoT Trust Framework and Resource Guide, or for more information on the ITWG, visit https://otalliance.org/IoT. Updates and revisions will also be posted to that location.
The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.