CWA 17147:2017

This workshop agreement describes the methodology for the evaluation of security systems that are or will be applied in a specific context, applying the STEFi approach. The evaluation involves application of STEFi criteria in four dimensions, namely security, trust, efficiency and freedom infringement. These criteria are not only applied individually but also their interrelationships are taken into account and the STEFI approach thus provides a holistic view on the aspects and impacts of security systems. The aim is that the evaluation process described in this CWA will provide reproducible results; i.e. different evaluation bodies that apply the methodology to similar systems in a similar context, should reach similar conclusions.
NOTE    It will be part of the management and maintenance of the future certification scheme to enhance reproducibility of results of STEFi evaluation, e.g. by exchange and discussion of experiences, discussing case studies as a basis for further refining the requirements for the evaluation method.
While the methodology that is described in this CWA is generally applicable to all types of security systems, the examples given and the list of assessment questions and requirements in Annex A are specifically related to planned and installed video-surveillance systems in a specific context.
NOTE    Application of the video-surveillance systems in specific context implies that the system is already installed or designed and to be installed in specific and already known situations. This is a boundary condition, because otherwise full application of the STEFi evaluation is not possible.
The overall goal of the CWA is to provide a basis for including the STEFi approach for the evaluation of security systems in a certification scheme. The CWA excludes the certification scheme itself. The target group of this CWA are organizations that deal with evaluation of security systems and that are willing to enhance the scope of their evaluation in order to take into account the overall societal impact of these systems.
The methodology is applicable to security systems in a specific context (i.e. installed or planned to be installed). A system is defined as a set of interrelated or interacting components. Individual components of security systems can be certified separately against applicable technical and other relevant standards; if so, it shall be taken into account as evidence for conforming with specific STEFi criteria.