How Standards Help Build Trust in Technology
In today’s digital economy, organizations depend on software and systems that are safe, secure, and reliable. Whether you’re building technology, procuring services, or managing risk, the ability to demonstrate trustworthiness is no longer optional — it’s essential.
That’s where international and national standards come in. They offer a common language, clear expectations, and structured frameworks for ensuring that systems behave as intended and remain dependable in the face of change, threats, or failure.
Here are three key standards and bodies at the forefront of this work:
🔹 PAS 754 – Software Trustworthiness: Governance and Management
Issued by: British Standards Institution (BSI)
Focus: Risk-informed governance and software assurance
PAS 754 defines what it means for software to be “trustworthy.” It focuses on ensuring that software development and operation account for safety, reliability, availability, resilience, and security — collectively known as trustworthiness facets.
This standard guides organizations in:
- Embedding trust principles into governance and management
- Performing risk assessments tailored to the software’s role and impact
- Mapping trustworthiness goals to technical and organizational measures
✅ PAS 754 helps organizations ask the right questions when evaluating software risks and benefits.
🔹 BS 10754 – Systems Trustworthiness (Information Technology)
Published by: BSI
Latest Version: BS 10754-0:2024
BS 10754 builds on PAS 754 and expands the scope to include entire systems, not just software.
It provides:
- A structured approach to implementing Entity Trustworthiness (ET)
- Frameworks for managing trust-related risks across the lifecycle
- Techniques for validating, verifying, and auditing trustworthiness
- Definitions for trustworthiness levels based on use, risk, and environment
The standard is modular, including:
- Part 0 – Concepts and Overview
- Part 2 – Implementation and Management
- Part 3 – Validation and Certification
✅ BS 10754 helps organizations systematize how they define, build, manage, and prove trust in the technology they use or produce.
🔹 ISO/IEC JTC 1/SC 7 WG 13 – Software and System Product Quality
Managed by: ISO/IEC Joint Technical Committee 1 (JTC 1), Subcommittee 7 (SC 7)
Focus: Quality characteristics and models for software and systems
Working Group 13 (WG 13) is responsible for the SQuaRE series (Software Product Quality Requirements and Evaluation), including ISO/IEC 25010, which defines:
- Functional Suitability
- Performance Efficiency
- Compatibility
- Usability
- Reliability
- Security
- Maintainability
- Portability
These characteristics are used globally for software evaluation, benchmarking, and certification, and provide essential input for quality models, supplier evaluation, and requirements definition.
✅ WG 13’s work ensures quality can be measured consistently and compared meaningfully across different systems and markets.
💼 Why These Standards Matter for Businesses
Whether you’re a software vendor, a procurement lead, or a regulator, these standards help:
- Reduce risk in the software supply chain
- Improve product and service quality
- Align teams around common quality and trust objectives
- Enable more confident procurement decisions
- Build stakeholder trust with verifiable assurance
Standards offer not just compliance checklists, but best-practice frameworks that streamline innovation, assurance, and accountability.
🔍 Who Uses These Standards?
Organizations across sectors adopt these standards as part of their governance, assurance, and procurement strategies. One example is CUPAS (Commodity Usage Principles and Assurance Scheme), which references BS 10754 as the foundation of its common assurance model. CUPAS uses these frameworks to calibrate and compare different certification schemes and help buyers make informed, risk-aware choices.