The CIO Strategy Council has announced that it is now inviting comments on the draft second edition of the National Standard of Canada for the fundamentals of digital trust and identity (CAN/CIOSC 103-1: 2020, Digital trust & Identity – Part 1), which specifies minimum requirements and a set of controls for creating and maintaining trust in digital systems and services that assert and/or take in identity and credential data pertaining to people and organizations.
Accredited by the Standards Council of Canada, the CIO Strategy Council is composed of chief information officers and technology executives who have joined forces to work on common digital priorities. Its published and in-progress standards encompass more than a dozen areas, including agricultural blockchain, artificial intelligence, cybersecurity, connected cities, online voting, open finance, procurement, health , digital skills, digital identity, open finance, and more.
Each standard includes a schedule for its review – in the case of digital trust and identity, it began one year after publication because of the fast-changing landscape – which may result in amendment, additions, or even withdrawal of the standard. However, said CIO Strategy Council executive director Keith Jansa, any stakeholder can submit comments at any time and the technical committee is required to review them and take appropriate action.
“With any standard that CIO Strategy Council produces, as much as they are national standards of Canada, they are fit for global use, with the intent of informing stakeholders, both here at home and abroad as to the expectations of products, services, and people, and with this particular standard, ensuring that Canadian interests are taken into consideration as new digital identity programs are created around the world,” he said. “A lot of what we’re finding is that, when it comes to the competitiveness of a country, our well being, the economic and noneconomic dimensions, with legislation and regulation not keeping pace with technology change, that there is a need to build consensus toward the expectations of products, services, and people in the space.”
Two unpublished standards are also open for public review and comment: CAN/CIOSC 112-20XX, National Occupational Standard for the Cybersecurity Workforce, and CAN/CIOSC 100-8:20xx, Data Governance – Part 8: Framework for Geo-residency and Sovereignty.
Comments on the second edition of Digital Trust & Identity – Part 1 are due by Sept. 21, 2022. Comments on the national occupational standard for the cybersecurity workforce are due by Oct. 21, 2022, and comments on the data governance standard are due by Oct.31, 2022.