Home > National Telematics Framework > Levels of Assurance

Levels of Assurance

What is assurance in the National Telematics Framework?

Assurance means the ability to use and rely on data for the intended purpose.

Different assurance outcomes can be derived from five interrelated dimensions, which are managed through the National Telematics Framework:

  • The stringency of performance-based requirements (where the number of requirements related to data assurance increases with the level of assurance)
  • The assessment and approval process
  • The oversight of in-service performance
  • The management of changes
  • The management, security and use of data (which is always set at the highest level).

Providers such as application service providers (ASPs) and hardware suppliers deliver assurance outcomes through TCA certification or registration for application service provision, and TCA approval of devices.

What are the levels of assurance?

TCA supports three broad levels of assurance to cater for the different needs of stakeholders in digital technology and data.

Depending on the level of assurance required, TCA may approve:

ASPs may be approved to offer multiple applications and features – with different levels of assurance – through the NTF, noting that an application service or device suitable for use at a higher level of assurance can also be used in applications at lower levels of assurance. For example:

  • A telematics device used in an application at Level 3 Assurance can also be used in applications at Level 2 and Level 1 Assurance
  • Data managed at a high level of security in an application at Level 3 Assurance can also be used at the same level of security in applications at Level 2 and Level 1 Assurance.
Level 1 AssuranceLevel 2 AssuranceLevel 3 Assurance
1. Performance-based requirementsLeast stringentStringency between Level 1 and 3 AssuranceMost stringent
2. Assessment and approvalTCA registers ASPs through a self-assessment process

ASP self-assesses devices
TCA certifies ASPs using a
combination of self-assessment and independent assessment

TCA type-approves devices for use at Level 2 Assurance
TCA certifies ASPs with a greater emphasis on independent assessment

TCA type-approves devices for use at Level 3 Assurance
3. In-service performanceMinimal oversight by TCATCA provides oversight of all aspects of service provision and performs risk-based audit on selected aspects of service and dataTCA provides oversight of all aspects of service provision and performs risk-based audit on critical aspects of service and data
4. Management of changesASP manages changes through a self-assessment processChanges are managed through a risk-based assessment using a combination of self-assessment and independent assessment by TCAChanges are managed through a risk-based assessment with a greater emphasis on independent assessment by TCA
5. Data management and securityHighHighHigh
UsageAssociated with advisory, lower-cost applications; data is not depended upon for high levels of accuracy or integrityAssociated with applications that are used for purposes of data accuracy, integrity and authenticity and/or risk mitigation; information may be actionable but is not intended to be used as evidence for regulatory purposesAssociated with regulatory applications; the collection and secure storage of high-integrity data may provide data and information as evidence for regulatory purposes

What do ASPs need to know about levels of assurance?

There are a few things ASPs need to know:

  1. TCA approves ASPs wanting to offer telematics applications through the National Telematics Framework
  2. ASPs may be approved to offer multiple applications and optional features through the Framework
  3. Applications and devices operate at different levels of assurance 
  4. ASPs meet the costs associated with TCA’s approval process. Costs are influenced by:
    • What application(s) the provider wants to offer
    • The levels of assurance of those applications
    • Approvals already granted to ASPs through the NTF – including existing applications (and levels of assurance already offered by individual providers) and TCA-approved hardware – will be recognised for use in additional applications
    • The preparation of information by the provider so that TCA can perform an assessment (the better prepared an ASP is, the more streamlined the process).

Note: Some applications require TCA-approved telematics devices and on-board mass (OBM) systems.

New providers wanting to offer applications through the National Telematics Framework

The following table provides a summary of the main areas that TCA will assess (in green) when a new provider applies to provide application services for a telematics application. These areas are related to the ‘Assessment and approval’ dimension of the table above.


Level 1

Level 2

Level 3

What’s assessed and approved?

Data transfer
Data transfer assessment by TCA
Business capabilities
Self-assessment Probity and financial assessment by TCA
Functional and technical capabilities
Self-assessment Risk-based assessment of functional and technical requirements of application
Specific testing of critical requirements

Questions about levels of assurance? Contact us.

Last updated on 13 August 2021