Technology Assurance Sandbox: Promoting Innovation and Assurances
The Malta Digital Innovation Authority offers a Technology Assurance Sandbox for technology developers. This sandbox aims to provide a safe environment for innovative technology solutions and align them with international standards. Certification is voluntary and ensures quality, user, and investor assurances. The process involves onboarding, residency, and an exit plan, emphasizing gradual assessment and support for startups. The MDIA evaluates resident applications based on technology blueprints, functional specifications, and business plans, promoting technological assurances and legal certainty.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Technology Assurance Sandbox
MDIA and Technology Assurances One of the main functions of the Malta Digital Innovation Authority is that of providing technology assurances certification. The MDIA licenses Systems Auditors entities which have the capacity to provide technical audits. The MDIA provides guidelines as to what is required for the provision of certification (control objectives to be audited, and other legal/technological requirements). Technology developers and/or providers may apply for certification by undergoing a technical audit by a licensed Systems Audit. Certification caters for Innovative Technology Arrangements (ITAs), currently covering DLT-based systems, AI and critical systems. Certification is on a voluntary basis unless mandated by the lead authority in the application domain (gaming, financial services, environment, etc.). Recognised certification is intended to be a mark of quality providing user and investor assurances.
MDIA Technology Assurance Sandbox A technology-centric and not regulatory sandbox risk is technological in nature, not operational. Aims to promote technology assurances by providing a gradual process, supporting: ITAs in which the technology is still in a state of development by allowing for gradual assessment. Innovative technologies with inherent risks which may benefit from gradual operational deployment. Startups by allowing for technology assessment costs to be spread. Sandbox residency allows for gradual technology assessment, deployment of technology, and oversight. Based on the principle of proportionality, scaling with the level of technological risk.
Technology Assurance Sandbox: The Benefits Safe development environment for solutions based on innovative technologies. Align solutions to established control objectives based on International standards and guidelines. Independent technical assessments by a MDIA-approved domain experts. Technological Assurances through functional correctness and sound technological best practices and international standards. Legal certainty through uncompromised due diligence process, appointment of a Technical Officer and Forensic Node. A mark of quality, providing user and investor assurances. In line with forthcoming EU regulation.
The Sandbox Process Full certification Onboarding Residency Exit plan process
The Onboarding Process Becoming a resident of the MDIA-TAS requires: Sandbox blueprint describing the technology (existing and planned), functional specifications and analysis technology risks. Residency plan providing a reporting plan (what will be reported to MDIA and when) and milestones at which additional assessment will be required. This must include an exit plan. Business plan covering the technology which will be in the MDIA-TAS. MDIA will evaluate these documents against published criteria.
The Onboarding Process The Residency Plan typically includes: Technological and operational milestones The initial setup and operational constraints An assessment plan The Sandbox Blueprint typically includes: Core operations of the ITA Functional specifications, including technical architecture diagrams and user activity diagrams. Safeguards in place to ensure operational limits. The set up of a Forensic Node which will store all relevant information for reporting and assessment. Technology-driven risks and mitigation mechanisms. The blueprint evolves as the milestones advance, with assessments assisting the process.
The Onboarding Process An Evaluation Board assesses applicants based on published criteria: Ensure that the technology qualifies as an ITA Technical soundness Impact assessment Quality of residency plan Risk assessment and mitigation Fit and proper status of applicants Accepted applicants will be required to appoint a Technical Officer who will act as the main point of contact with the MDIA. A Technical Soundness Assessment covering Milestone 0 based on the blueprint must be submitted to MDIA within 3 months of acceptance.
Technology Soundness Assessment Technical Soundness Assessments are incremental assessments of the technology: performed by MDIA licensed experts in the technological domain; based on relevant control objectives as identified by the Residency Plan milestones. Typically covers a technical (including code review and assessment) and process review (including security processes in place) against the blueprint and other documentation. As long as the growth of the ITA is an incremental one, such an assessment can be limited to the newly added technology and processes. It is aimed at assisting the resident to identify gaps in their technology and processes, supporting improvement and growth.
MDIA-TAS and TAAF TAAF will provide a more flexible and modular control objectives which will be adopted by MDIA- TAS. The risk-based approach adopted by TAAF will support the MDIA-TAS processes. Unlike full certification, the MDIA-TAS is targeted to assist through assessment. MDIA is looking at means of putting ever more emphasis on assistance, without compromising the certification assessment pathway.
Key Benefits Start-ups & smaller players Lower cost of change TAAF Forthcoming EU regulations Framework Legal & regulatory certainty MDIA Investor Assurance Trust certification