4.2.3 Operational Environment Certification

Participants in the International Data Spaces share valuable data. It is essential that all participant's organizational processes and operational environments are trustworthy. This trustworthiness is evaluated in the IDS Operational Environment Certification.

Central elements of the IDS Operational Environment Certification are the different Trust Levels and Assurance Levels. The IDS established these levels to offer suitable certification profiles for different use case requirements.

On one side, the following three Trust Levels are established:

• Trust Level 1: Entry into data sharing

• Trust Level 2: Providing reliable services

• Trust Level 3: Offering trust-building services

Higher Trust Level represent the increasing amount of criteria which needs to be fulfilled for a successful certification.

On the other side, the following three Assurance Levels are established:

• Assurance Level 1: Self-Assessment

• Assurance Level 2: External evaluation of corporate policies and processes

• Assurance Level 3: External audit of measures controlling the adherence to corporate policies

Higher Assurance Level represent the increasing demand for more reliable evidence that needs to be presented in different evaluation methods to prove compliance with the certification criteria.

The following figure illustrates all possible combinations of assurance and trust level, that an applicant can choose from. The combinations not marked with a tick, e.g. Assurance Level 1 and Trust Level 3 can not be selected, due to incompatible purposes.

Figure 4.2.3.1: Overview on Certification Levels for Operational Environment Certification

An in-depth description of the Operational Environment Certification can be found in the IDS Certification Scheme. The Criteria Catalogue for Operational Environment Certification can be requested on the IDSA homepage.