intended-audience
1.2 Intended Audience
The Framework can be used internally in an organisation as a pre-compliance tool to self-assess or self-certify against, or by a third-party auditor. It can also be used ‘in part’, as a procurement mechanism to help specify security requirements of a supplier contract. The Framework is aimed at the following stakeholders:
-
For Managers in organisations that provide IoT products, technology and or services. It gives a comprehensive overview of the management process needed to adopt best practice. It will be useful for executive, programme, and project managers, by enabling them to ask the right questions and assess the answers.
-
For Developers and Engineers, Logistics and Manufacturing Staff, it provides detailed requirements to use in their daily work and in project reviews to validate the use of best practice by different functions (e.g. hardware and software development, logistics etc.). Documentary evidence may be assembled using this Framework as a guide or by completing the Assurance Questionnaire (see below 1.4 IoTSF Resources That Support The Framework). In this way, documentary evidence will be compiled to demonstrate assurance both at development gates, and with third parties such as auditors or customers.
-
For Supply Chain Managers, the structure can be used to guide the auditing of security practices. It may therefore be applied within a producer organisation (as described above); and inspected by a customer of the producer.
-
For Trusted Third Parties as part of an audit or certification process.