Levels of Assurance
What is assurance in the National Telematics Framework?
Assurance means the ability to use and rely on data for the intended purpose.
Different assurance outcomes can be derived from five interrelated dimensions, which are managed through the National Telematics Framework:
- The stringency of performance-based requirements (where the number of requirements related to data assurance increases with the level of assurance)
- The assessment and approval process
- The oversight of in-service performance
- The management of changes
- The management, security and use of data (which is always set at the highest level).
Providers such as application service providers (ASPs) and hardware suppliers deliver assurance outcomes through TCA certification or registration for application service provision, and TCA approval of devices.
What are the levels of assurance?
TCA supports three broad levels of assurance to cater for the different needs of stakeholders in digital technology and data.
Depending on the level of assurance required, TCA may approve:
- Suppliers of telematics devices and Smart on-board mass (OBM) systems
- ASPs wanting to offer applications and features through the National Telematics Framework (NTF).
ASPs may be approved to offer multiple applications and features – with different levels of assurance – through the NTF, noting that an application service or device suitable for use at a higher level of assurance can also be used in applications at lower levels of assurance. For example:
- A telematics device used in an application at Level 3 Assurance can also be used in applications at Level 2 and Level 1 Assurance
- Data managed at a high level of security in an application at Level 3 Assurance can also be used at the same level of security in applications at Level 2 and Level 1 Assurance.
| Level 1 Assurance | Level 2 Assurance | Level 3 Assurance | |
|---|---|---|---|
| 1. Performance-based requirements | Least stringent | Stringency between Level 1 and 3 Assurance | Most stringent |
| 2. Assessment and approval | TCA registers ASPs through a self-assessment process ASP self-assesses devices | TCA certifies ASPs using a combination of self-assessment and independent assessment TCA type-approves devices for use at Level 2 Assurance | TCA certifies ASPs with a greater emphasis on independent assessment TCA type-approves devices for use at Level 3 Assurance |
| 3. In-service performance | Minimal oversight by TCA | TCA provides oversight of all aspects of service provision and performs risk-based audit on selected aspects of service and data | TCA provides oversight of all aspects of service provision and performs risk-based audit on critical aspects of service and data |
| 4. Management of changes | ASP manages changes through a self-assessment process | Changes are managed through a risk-based assessment using a combination of self-assessment and independent assessment by TCA | Changes are managed through a risk-based assessment with a greater emphasis on independent assessment by TCA |
| 5. Data management and security | High | High | High |
| Usage | Associated with advisory, lower-cost applications; data is not depended upon for high levels of accuracy or integrity | Associated with applications that are used for purposes of data accuracy, integrity and authenticity and/or risk mitigation; information may be actionable but is not intended to be used as evidence for regulatory purposes | Associated with regulatory applications; the collection and secure storage of high-integrity data may provide data and information as evidence for regulatory purposes |
What do ASPs need to know about levels of assurance?
There are a few things ASPs need to know:
- TCA approves ASPs wanting to offer telematics applications through the National Telematics Framework
- ASPs may be approved to offer multiple applications and optional features through the Framework
- Applications and devices operate at different levels of assurance
- ASPs meet the costs associated with TCA’s approval process. Costs are influenced by:
- What application(s) the provider wants to offer
- The levels of assurance of those applications
- Approvals already granted to ASPs through the NTF – including existing applications (and levels of assurance already offered by individual providers) and TCA-approved hardware – will be recognised for use in additional applications
- The preparation of information by the provider so that TCA can perform an assessment (the better prepared an ASP is, the more streamlined the process).
Note: Some applications require TCA-approved telematics devices and on-board mass (OBM) systems.
New providers wanting to offer applications through the National Telematics Framework
The following table provides a summary of the main areas that TCA will assess (in green) when a new provider applies to provide application services for a telematics application. These areas are related to the ‘Assessment and approval’ dimension of the table above.
Level 1
|
Level 2
|
Level 3
|
|
What’s assessed and approved? |
|||
| Data transfer | |||
| Data transfer assessment by TCA | |||
| Business capabilities | |||
| Self-assessment | Probity and financial assessment by TCA | ||
| Functional and technical capabilities | |||
| Self-assessment | Risk-based assessment of functional and technical requirements of application | ||
| Specific testing of critical requirements | |||
Questions about levels of assurance? Contact us.
Last updated on 13 August 2021