How do you go about actually defining required levels of trustworthiness?

Cheryl Rocheleau, Director, Marketing Programs
edited February 3 in Security

Question posed in the Jan 28, 2020 Webinar: https://www.brighttalk.com/webcast/14645/381382

Is it a top-down, or bottom-up thing?

Comments

  • Bassam Zarkout, IGnPower (admin)

    Managing and controlling a trustworthy system may require a combination of bottom-up and top-down elements—a middle-out approach.

    Due to the cross-functional nature of the work and the need to coordinate both top-down and bottom-up activities, it is useful to create a cross-functional team to manage trustworthiness activities in the organization, a trustworthiness steering committee. This committee can steer the activities related to trustworthiness, the trustworthiness program. The steering committee will need to consider both bottom-up and top-down approaches:

    Bottom-up:

    • Stakeholders: Operational, production and regional managers, with their partners and customers.
    • Drivers: There are both operational “local” drivers, and “top-down” drivers. Operational drivers: safety and continuity of local operations, risk mitigation with respect to local production and operational objectives, reliability of equipment and services involved in local operations, resilience of operational systems with respect to known risks.
    • Challenges: Fragmented objectives and governance across departments, business units. Harmonizing and integrating the separate trustworthiness objectives and measures so that they align with and contribute to corporate and regulatory drivers.
    • How to implement: Empower operational personnel and managers to establish trustworthiness objectives and metrics for local operations (unit, regional, department). Establish a trustworthiness council across business units to address fragmentation and inter-dependency challenges. The different stakeholders responsible for the various dimensions of trustworthiness define the current states and identify minimum states of their respective domains. They also identify the requirements to move from the current to the minimum states, including technical road maps, budget requirements and resource requirements.

    Top-down:

    • Stakeholders: corporate executives, business managers. Trustworthiness should be assigned a corporate sponsor who can mandate and track its realization within the organization (including timelines).
    • Drivers: regulatory compliance, global market requirements, corporate-wide policies, industry standards and practices.
    • Challenges: Trustworthiness crosses group and departmental boundaries within the organization. Organization-wide objectives must be translated in a consistent way across departments or units.
    • How to implement: Assign trustworthiness to a corporate sponsor who can mandate its realization within the organization (including timelines). This sponsor may, for strategic or competitive reasons, mandate targets for trustworthiness that can exceed the Minimum State level. A steering committee comprising representatives from these groups and departments is tasked with the responsibility of transforming and translating the trustworthiness mandate into specific requirements for each group.

    More details in the Managing and Assessing Trustworthiness in IIoT Practices white paper.
