General Standards Required for Testing Websites (Certificates)

The introduction of Internet-based business transactions (e-commerce) brings with it fresh problems for businesses. It is particularly important to clarify the extent to which the use of new technologies is a threat to privacy.

The use of new technologies involves some specific risks. The networking of systems affects both the total data flow of the whole business and its conventional business procedures. The essential issue for the business is how secure it is perceived to be by outsiders, for mistrust on the part of business partners and potential customers can put the whole entrepreneurial success of e-commerce in jeopardy.

The introduction of a certificate, tested in the course of an IT review by an independent organisation, gives a business the possibility of demonstrating its security and data protection standards to the outside world.

This requires that the following aspects be tested:

  • security of access to the data
  • protection of personal data
  • confidentiality of data
  • availability of data
  • integrity of data

It is also important that the testing criteria should be uniform and international, and be published on the Internet so that the quality level can be objectively understood. The test must be planned and carried out in accordance with well-known testing standards. Only recognised examiners, who must be totally independent, should award the certificate. Further information on certificates can also be found in the 8th Activity Report 2000/2001.

[July 2002]