ST-CSF.TIA.001 Technology Integration and Architecture

DOCUMENT MANAGEMENT

Issuing department:

Converged Security Institute (CSI) - Technology Standards Division

Target audience:

Chief Information Security Officers (CISOs), Chief Technology Officers(CTOs), Security Operations Centre Managers, Physical Security Managers, Enterprise Risk Management Teams, IT Security Teams, Operational Technology Teams, Compliance Officers

Standard Owner:

Dr Vladimir Bunic – Converged Security Institute (CSI)

Standard Author(s):

Dr Vladimir Bunic - Converged Security Institute (CSI)

Approver:

CSI Technical Review Board

Date of approval:

03 October 2025

Repository:

All CSI Trustmark Framework Standards can be found in the CSI Digital Standards Portal

Document history:

(A) STANDARD KEY INFORMATION

1. PURPOSE OF THIS STANDARD:

This standard provides BEST practices for implementing unified Technology Integration and Architecture across cyber-physical security domains. It defines the requirements for deploying integrated Security Information and Event Management (SIEM) and Physical Security Information Management (PSIM) platforms that support the ST-CSF.001 Converged Security Framework approach to unified risk management.Through the application of this standard, organisations will establish consistent Cross-domain Integration capabilities aligned with the CSI Product-Oriented Endorsement & Readiness Framework evaluation dimensions. The correlation between European Union cybersecurity directives, data protection regulations, and converged security architecture must be specifically addressed, as these frameworks emphasise integrated security by design and systematic risk assessment across Hybrid Risks, Systemic Risks, and Cascading Risks.

The practices defined in this standard document are the minimum requirements for the specified scope. If an organisation is subject to additional regulatory standards (e.g.,NIS2 Directive, DORA, sector-specific regulations), then the most restrictive requirements apply. Critical infrastructure operators must implement additional controls as specified by their sectoral regulations and ST-CSF.001 Converged Security Framework requirements.

2. EXPECTED BENEFITS

Through application of this standard, organisations will achieve:

• Enhanced threat detection and response capabilities across cyber-physical domains
• Improved resource allocation and operational efficiency through Unified Platforms
• Reduced compliance fragmentation and regulatory risk
• Strengthened organisational resilience against Hybrid Risks, Systemic Risks, and Cascading Risks
• Unified incident response protocols with Cross-domain Integration
• Advanced predictive threat analysis through artificial intelligence and machine learning capabilities
• Comprehensive Zero Trust Architecture implementation across IT and OT environments
• Alignment with CSI Product-Oriented Endorsement & Readiness Framework certification levels (Standard, Gold,Platinum)
• Market differentiation through CSI Trustmark certification recognition

3. SCOPE

This standard applies to all organisational entities seeking CSI Trustmark certification for Technology Integration and Architecture capabilities, including subsidiaries, business units, and operational facilities under direct managerial control.For joint ventures or partnerships where the organisation does not have majority control, this standard applies when accessing, processing, or managing organisational security systems, data, or facilities.

In scope:

• All Security Information and Event Management (SIEM) systems and infrastructure
• All Physical Security Information Management (PSIM) platforms and integrations
• Cross-domain Integration platforms, middleware, and interfaces
• Cloud services and hybrid environments supporting integrated security operations
• Third-party integrations and supply chain security systems
• Zero Trust Architecture implementations across IT and OT environments
• Artificial intelligence and machine learning platforms for security operations
• Identity and access management systems supporting unified authentication

4. IMPLEMENTATION TIMELINE OF THE STANDARD

This standard is valid as of its date of issue, and adherence is mandatory for organisations seeking CSI Trustmark certification under Policy Code ST-CSF.TIA.001. Full implementation must be completed within 18 months of certification commencement. Existing systems must be assessed for compliance within 6 months.

5. CONFIDENTIALITY

This document is for General Use within organisations seeking CSI Trustmark certification.

6. TERMINOLOGY

For clarification of terms used in this standard, refer to the associated document AD-CSF.001 Converged Security Framework Terminology. Key definitions include:

ST-CSF.001 Converged Security Framework:

A unified approach integrating cybersecurity, physical security, and operational technology security into a cohesive risk management strategy that addresses hybrid, systemic, and cascading risks across all organisational domains

Hybrid Risks:

Threats that exploit vulnerabilities across both physical and digital domains simultaneously, requiring coordinated response across multiple security disciplines

Systemic Risks:

Interconnected system failures that can cascade across multiple operational areas, potentially causing organisation-wide disruption through network effects and dependencies

Cascading Risks:

Sequential failures triggered by initial incidents that propagate through organisational dependencies, creating amplified impact beyond the original threat scope

Cross-domain Integration:

The technical and operational interoperability between cybersecurity and physical security systems, enabling unified monitoring,analysis, and response capabilities

7. REQUIREMENTS

1. Technology Integration and Architecture Implementation

1. Organisations must deploy and maintain Unified Platforms that integrate Security Information and Event Management (SIEM) and Physical Security Information Management (PSIM) systems with integrated monitoring capabilities across all security domains within their organisational scope, demonstrating Systems Integration capability domain alignment with CSI Product-Oriented Endorsement & Readiness Framework Interoperability evaluation dimension requirements and supporting ST-CSF.001 Converged Security Framework unified risk management principles.
2. Organisations must implement and operate a Security Information and Event Management (SIEM) system capable of aggregating, correlating, and analysing security data from all cybersecurity sources within the organisation's digital infrastructure, addressing the Cybersecurity capability domain and supporting Technical Architecture domain requirements as specified in the CSI Product-Oriented Endorsement & Readiness Framework.
3. Organisations must deploy a Physical Security Information Management(PSIM) platform that consolidates and manages data inputs from physical security systems, including access control, surveillance, environmental monitoring, and perimeter protection systems, addressing the Physical Security capability domain within the CSI Product-Oriented Endorsement & Readiness Framework and enabling detection of ST-CSF.001 Hybrid Risks across physical-digital boundaries.
4. Organisations must establish and maintain Cross-domain Integration between SIEM and PSIM platforms to enable real-time situational awareness, coordinated incident response capabilities, and unified security reporting across all operational domains, demonstrating Cross-Functional Collaboration capability domain alignment.
5. Organisations must implement Zero Trust Architecture principles across all Information Technology (IT) and Operational Technology (OT) environments, with continuous verification of all users, devices, and network connections, ensuring policy enforcement, segmentation engines, and continuous validation capabilities aligned with CSI Product-Oriented Endorsement & Readiness Framework Zero Trust Architecture capability domain and Technical Architecture domain requirements.
6. Organisations must deploy artificial intelligence and machine learning capabilities for predictive threat analysis and automated response coordination across security domains, including anomaly detection, behavioural analysis, decision support, threat intelligence integration, and automation orchestration as specified in the CSI Product-Oriented Endorsement & Readiness Framework Innovation &Intelligence evaluation dimension.

2. SIEM System Requirements

1. Organisations must deploy and maintain a Security Information and Event Management system that aggregates, correlates, and analyses data from all cybersecurity sources within the organisation's operational environment, aligned with CSI Product-Oriented Endorsement & Readiness Framework Cybersecurity capability domain and Interoperability evaluation dimension to support ST-CSF.001 unified threat detection across Hybrid Risks, Systemic Risks,and Cascading Risks.
2. The SIEM system must demonstrate active data ingestion from network security devices, endpoint protection systems, identity management platforms, and application security tools, meeting CSI Product-Oriented Endorsement &Readiness Framework Deployment Maturity evaluation dimension requirements with minimum 75% integration coverage as specified in the framework technical validation criteria.
3. The system must provide real-time monitoring capabilities with automated alert generation and incident correlation functionality, supporting ST-CSF.001 Cascading Risks detection and CSI Product-Oriented Endorsement & Readiness Framework Innovation & Intelligence evaluation dimension through AI/ML-enabled threat correlation.
4. Data retention policies must comply with applicable EU data protection regulations and sector-specific requirements aligned with CSI Product-Oriented Endorsement & Readiness Framework Compliance Readiness evaluation dimension, including GDPR, NIS2, DORA, and Cyber Resilience Act obligations,supporting the Legal & Compliance capability domain and ST-CSF.001 regulatory convergence requirements.

3. PSIM Platform Requirements

1. Organisations must implement a Physical Security Information Management platform that consolidates inputs from all physical security systems across organisational facilities, aligned with the CSI Product-Oriented Endorsement &Readiness Framework Physical Security capability domain and enabling ST-CSF.001 Systemic Risks monitoring across physical security infrastructure dependencies.
2. The PSIM platform must integrate data feeds from access control systems, video surveillance networks, intrusion detection systems, and environmental monitoring sensors, meeting CSI Product-Oriented Endorsement & Readiness Framework Interoperability evaluation dimension standards and supporting ST-CSF.001 cross-domain threat intelligence correlation.
3. The platform must provide centralised command and control capabilities for physical security operations, demonstrating CSI Product-Oriented Endorsement& Readiness Framework Operational Capability domain alignment and User Experience evaluation dimension through intuitive interfaces supporting ST-CSF.001 unified incident response protocols.

4. Cross-domain Integration Requirements

1. Organisations must establish and maintain technical integration between SIEM and PSIM platforms to enable unified security operations, demonstrating CSI Product-Oriented Endorsement & Readiness Framework Cross-Functional Collaboration capability domain and supporting ST-CSF.001 converged security approach across Hybrid Risks, Systemic Risks, and Cascading Risks.
2. Integration protocols or middleware must demonstrate bidirectional data sharing and coordinated response capabilities, meeting CSI Product-Oriented Endorsement & Readiness Framework Interoperability evaluation dimension requirements and enabling ST-CSF.001 real-time correlation of cross-domain security events.
3. The integrated system must support automated escalation procedures and cross-domain incident management workflows, aligned with CSI Product-Oriented Endorsement & Readiness Framework Operational Capability domain and ST-CSF.001 unified incident response requirements for Cascading Risks mitigation.
4. Organisations must maintain unified monitoring dashboards that provide real-time situational awareness across both cyber and physical security domains, meeting CSI Product-Oriented Endorsement & Readiness Framework User Experience evaluation dimension and Strategic Governance capability domain requirements while supporting ST-CSF.001 executive visibility into converged risk posture.
5. Dashboards must display consolidated threat intelligence, incident status, and operational metrics from both SIEM and PSIM platforms, demonstrating CSI Product-Oriented Endorsement & Readiness Framework Intelligence(OSINT/HUMINT) capability domain alignment and supporting ST-CSF.001 unified threat landscape visibility.
6. Role-based access controls must ensure appropriate visibility levels for different operational personnel, aligned with CSI Product-Oriented Endorsement &Readiness Framework Identity & Access Management capability domain and User Experience evaluation dimension while supporting ST-CSF.001 principle of least privilege across converged security operations.

5. Zero Trust Architecture Requirements (CSI Framework Technical Architecture Alignment)

1. Organisations must implement comprehensive zero-trust architecture principles across all Information Technology and Operational Technology environments,aligning with CSI Product-Oriented Endorsement & Readiness Framework Zero Trust Architecture and Technical Architecture capability domains while supporting ST-CSF.001 continuous verification approach to Hybrid Risks and Systemic Risks mitigation.
2. Zero-trust implementation must include continuous verification and authentication of all users, devices, and network connections regardless of location or network perimeter, meeting CSI Product-Oriented Endorsement & Readiness Framework Identity & Access Management capability domain requirements and supporting ST-CSF.001 assumption of breach across all security domains.
3. Micro-segmentation and least-privilege access controls must be deployed across both IT and OT network segments with dynamic policy enforcement, demonstrating CSI Product-Oriented Endorsement & Readiness Framework IT Platforms &Infrastructure capability domain alignment and enabling ST-CSF.001 containment of Cascading Risks across network boundaries.
4. Real-time behavioural monitoring and risk assessment must be implemented for all authenticated entities within the technology environment, aligned with the CSI Product-Oriented Endorsement & Readiness Framework Innovation &Intelligence evaluation dimension and supporting ST-CSF.001 predictive identification of Hybrid Risks and Systemic Risks.

6. Artificial Intelligence and Machine Learning Requirements (CSI Framework Innovation & Intelligence Alignment)

1. Organisations must deploy artificial intelligence and machine learning capabilities for enhanced security operations and threat management, including anomaly detection, behavioural analysis, and decision support systems aligned with the CSI Product-Oriented Endorsement & Readiness Framework Innovation &Intelligence evaluation dimension and Intelligence (OSINT/HUMINT) capabilitydomain while supporting ST-CSF.001 converged threat detection across Hybrid Risks, Systemic Risks, and Cascading Risks.
2. AI/ML systems must provide predictive threat analysis capabilities utilising historical data patterns and behavioural analytics to identify emerging security risks,with training datasets spanning a minimum of 6 months of threat data as specified in CSI Product-Oriented Endorsement & Readiness Framework technical validation requirements, enabling ST-CSF.001 proactive identification of Hybrid Risks and Systemic Risks before they manifest.
3. Automated response coordination must be implemented across security domains with machine learning algorithms optimising incident response workflows and resource allocation, including automated playbooks, SOAR integration, and orchestration engines validated through live proof-of-concept deployments, aligned with the CSI Product-Oriented Endorsement & Readiness Framework Operational Capability domain and supporting ST-CSF.001 unified incident response for Cascading Risks mitigation.
4. Continuous learning mechanisms must be deployed to improve threat detection accuracy and reduce false positive rates through adaptive algorithm refinement,demonstrating CSI Product-Oriented Endorsement & Readiness Framework Innovation & Intelligence evaluation dimension maturity and supporting ST-CSF.001 adaptive response to evolving Hybrid Risks.
5. AI/ML systems must include specific capabilities for detecting and responding to Hybrid Risks that exploit vulnerabilities across both physical and digital domains simultaneously, supporting the CSI Product-Oriented Endorsement & Readiness Framework, Cross-Functional Collaboration and Strategy & Risk Management capability domains while enabling ST-CSF.001 unified threat correlation across cyber-physical boundaries.
6. Machine learning algorithms must monitor for Systemic Risks and interconnected system failures that can cascade across multiple operational areas,addressing the CSI Product-Oriented Endorsement & Readiness Framework Operations & Resilience and Digital Resilience capability domains whilesupporting ST-CSF.001 early warning systems for organisational-wide disruption prevention.
7. Predictive analytics must identify potential Cascading Risks and sequential failures that could propagate through organisational dependencies, supporting the CSI Product-Oriented Endorsement & Readiness Framework Strategic Governance and Audit & Assurance capability domains while enabling ST-CSF.001 proactive mitigation of amplified impact scenarios beyond original threat scope.

7. Documentation and Governance Requirements

1. Organisations must maintain comprehensive documentation demonstrating operational use and effectiveness of integrated systems, aligned with CSI Product-Oriented Endorsement & Readiness Framework Audit & Assurance capability domain and supporting ST-CSF.001 evidence-based risk management across all converged security operations.
2. Documentation must include system architecture diagrams, integration specifications, and operational procedures, meeting CSI Product-Oriented Endorsement & Readiness Framework Technical Architecture capability domain requirements and enabling ST-CSF.001 transparency in converged security implementation.
3. Incident logs and response records must demonstrate coordinated cross-domain security operations, supporting CSI Product-Oriented Endorsement & Readiness Framework Operations & Resilience capability domain and ST-CSF.001 unified incident management across Hybrid Risks, Systemic Risks, and Cascading Risks.
4. Organisations must establish governance mechanisms for overseeing technology architecture and platform lifecycle management, demonstrating CSI Product-Oriented Endorsement & Readiness Framework Strategic Governance capability domain alignment and supporting ST-CSF.001 executive oversight of converged security risk posture.
5. Governance must include defined roles and responsibilities for system administration, security operations, and continuous improvement activities, aligned with CSI Product-Oriented Endorsement & Readiness Framework Leadership& Governance capability domain and supporting ST-CSF.001 accountability frameworks for unified risk management.
6. Regular review processes must ensure ongoing alignment with organisational security objectives and regulatory requirements, meeting CSI Product-Oriented Endorsement & Readiness Framework Legal & Compliance capability domain standards and supporting ST-CSF.001 continuous improvement of converged security effectiveness.
7. All systems and processes must comply with applicable European Union cybersecurity directives, data protection regulations, and sector-specific security requirements, demonstrating CSI Product-Oriented Endorsement & Readiness Framework Compliance Readiness evaluation dimension excellence and supporting ST-CSF.001 regulatory convergence across all security domains.
8. All systems and processes must demonstrate alignment with the ST-CSF.001 Converged Security Framework unified risk management approach, addressing Hybrid Risks, Systemic Risks, and Cascading Risks across all security domains while meeting the CSI Product-Oriented Endorsement & Readiness Framework comprehensive capability domain and evaluation dimension requirements for enterprise-ready converged security solutions.

ANNEX A - ASSOCIATED DOCUMENTS

Organisations must refer to the following associated documents for detailed implementation guidance:

AD-CSF.TIA.001 - Technology Integration Architecture Standards

PURPOSE: This document provides mandatory technical standards for implementing ST-CSF.TIA.001 Technology Integration and Architecture in compliance with CSI Product-Oriented Endorsement & Readiness Framework evaluation dimensions.

INTEGRATION STANDARDS

1. Platform Integration (CSI Interoperability Dimension)
   • SIEM/PSIM unified deployment requirements with support for at least 2 SIEM platforms (Splunk,ArcSight, Sentinel)
   • API security standards including mutual TLS, rate limiting,OAuth2 authentication
   • Interoperability protocols including ONVIF for physical security, STIX/TAXII for threat intelligence
   • Zero Trust Architecture implementation with policy enforcement and segmentation engines
2. Identity and Access Management (CSI Technical Architecture Alignment)
   • Unified IAM system requirements supporting RBAC, MFA, and SSO
   • Multi-factor authentication standards with adaptive risk-based policies
   • Privileged access management integration with identity lifecycle support
   • Dynamic risk-based authentication with behavioural analytics
3. Network Security (CSI Deployment Maturity Requirements)
   • Network segmentation for IT/OT/IoT environments with microsegmentation capabilities
   • Controlled interface specifications supporting modular architecture
   • Encryption standards across all domains meeting EN and ISO requirements
   • Traffic monitoring and analysis requirements with ML-based anomaly detection
4. AI/ML Integration (CSI Innovation & Intelligence Dimension)
   • Automated threat detection with ML models trained on a minimum of 6 months of threat data
   • Predictive analytics implementation with risk forecasting capabilities
   • Cross-domain correlation capabilities supporting hybrid risk detection
   • Machine learning model validation with continuous learning mechanisms

AD-CSF.TIA.002 - Implementation and Assessment Guide

PURPOSE: This document provides mandatory implementation procedures and assessment criteria for ST-CSF.TIA.001 is aligned with the CSI Product-Oriented Endorsement & Readiness Framework certification pathway.

IMPLEMENTATION PHASES:

• Phase 1: Assessment and Planning (Months 1-3)
  • Conduct baseline technology architecture assessment aligned with CSI Product-Oriented Endorsement &Readiness Framework evaluation dimensions
  • Identify integration gaps across Interoperability, Compliance Readiness, and Deployment Maturity
  • Develop unified platform roadmap addressing Hybrid Risks, Systemic Risks, and Cascading Risks
  • Establish governance structure following CSI Product-Oriented Endorsement &Readiness Framework credentialing requirements
  • Define cross-domain KPIs aligned with CSI scoring matrix criteria
• Phase 2: SIEM/PSIM Deployment (Months 4-8)
  • Deploy unified SIEM platform with validated data ingestion from minimum 75% of security systems
  • Implement PSIM platform with physical security integration supporting EN 50131, EN 50518 standards
  • Establish basic monitoring and alerting capabilities with 99.9% uptime SLA
  • Deploy identity and access management foundations with RBAC and MFA
  • Implement network security controls with IT/OT/IoT segmentation
• Phase 3: Cross-Domain Integration (Months 6-12)
  • Implement SIEM/PSIM integration protocols with bidirectional data sharing
  • Deploy Zero Trust Architecture components with continuous verification and segmentation
  • Integrate AI/ML threat detection capabilities with predictive analytics and automation
  • Establish unified dashboards with role-based access and multilingual support
  • Implement coordinated incident response procedures with automated escalation
• Phase 4: Operational Excellence (Months 12-18)
  • Conduct cross-domain security exercises validating integrated response capabilities
  • Implement continuous monitoring systems aligned with CSI Product-Oriented Endorsement &Readiness Framework performance metrics
  • Establish KPIs and benchmarking against CSI certification scoring criteria
  • Deploy adaptive security frameworks with continuous improvement mechanisms
  • Complete compliance validation and CSI certification assessment

AD-CSF.TIA.003 - Cross-Domain Incident Response Procedures

PURPOSE: This document defines mandatory incident response procedures for technology integration environments aligned with ST-CSF.001 Converged Security Framework incident response requirements.

INCIDENT CLASSIFICATION:

• Class 1: Hybrid Incidents (ST-CSF.001 Hybrid Risks)
  • Simultaneous SIEM and PSIM platform alerts
  • Coordinated attacks exploiting integrated vulnerabilities across physical and digital domains
  • Incidents requiring unified response coordination per ST-CSF.001 protocols
• Class 2: Systemic Integration Failures (ST-CSF.001 Systemic Risks)
  • SIEM/PSIM communication disruptions affecting multiple domains
  • API gateway or middleware failures with cascading effects
  • Cross-domain authentication issues impacting organisational operations
• Class 3: Cascading Technology Incidents (ST-CSF.001 Cascading Risks)
  • AI/ML system failures propagating across security domains
  • Predictive analytics system degradation affecting threat detection
  • Sequential failures in integrated platforms

RESPONSE PROCEDURES:

• Detection and Alerting
  • Unified alerting across integrated platforms following ST-CSF.001 protocols
  • Automated correlation of cross-domain indicators
  • Immediate escalation for critical integrations
• Response Team Activation
  • Cross-platform response team mobilisation per ST-CSF.001 governance structure
  • Unified command structure activation
  • Clear communication protocols and authority
• Containment and Recovery
  • Coordinated containment across platforms
  • Integration restoration procedures
  • Business continuity activation aligned with ST-CSF.001 requirements

Certification Requirements

Operational Visibility

The Applicant shall maintain unified monitoring dashboards that provide real-time situational awareness across both cyber and physical security domains.

1. Dashboards shall display consolidated threat intelligence, incident status, and operational metrics from both SIEM and PSIM platforms.
2. Role-based access controls shall ensure appropriate visibility levels for different operational personnel.

Documentation Requirements

The Applicant shall maintain comprehensive documentation demonstrating operational use and effectiveness of integrated systems.

1. Documentation shall include system architecture diagrams, integration specifications, and operational procedures.
2. Incident logs and response records shall demonstrate coordinated cross-domain security operations.

Governance Structure

The Applicant shall establish governance mechanisms for overseeing technology architecture and platform lifecycle management.

1. Governance shall include defined roles and responsibilities for system administration, security operations, and continuous improvement activities.
2. Regular review processes shall ensure ongoing alignment with organizational security objectives and regulatory requirements.

Regulatory Compliance

All systems and processes shall comply with applicable European Union cybersecurity directives, data protection regulations, and sector-specific security requirements.

ST-CSF.001 Framework Integration

All systems and processes shall demonstrate alignment with the ST-CSF.001 Converged Security Framework unified risk management approach, addressing Hybrid Risks, Systemic Risks, and Cascading Risks across all security domains.

Associated Documentation Compliance

The Applicant shall maintain compliance with associated documents including AD-CSF.001 (Converged Security Framework Terminology), AD-CSF.TIA.001 (Technology Integration Architecture Standards),AD-CSF.TIA.002 (Implementation and Assessment Guide), AD-CSF.TIA.003(Cross-Domain Incident Response Procedures), and other relevant framework documentation as applicable to Technology Integration and Architecture implementation.

Assessment and Certification Process

Application Submission

1. The Applicant shall submit a complete certification application including all required documentation, technical specifications, and evidence of system deployment as specified in the CSI Trustmark Framework.
2. Applications must demonstrate compliance with applicable European Union cybersecurity directives, data protection regulations, and sector-specific requirements.
3. CSI shall acknowledge receipt of applications within ten (10) business days and conduct an initial completeness review within twenty (20) business days.

Assessment Methodology

1. CSI shall evaluate applications against the Integration Dimension and Assurance Dimension Assessment Criteria specified in the CSI Trustmark Framework.
2. The assessment process shall include desktop review of submitted documentation, technical architecture validation, and where applicable, on-site verification of deployed systems.
3. Assessors shall verify evidence of SIEM and PSIM platform deployment,Cross-domain Integration capabilities, and operational use cases demonstrating unified security operations.

Evaluation Timeline

1. Standard assessments shall be completed within sixty (60) business days from receipt of complete application materials.
2. Complex assessments involving multiple sites or legacy system integrations may extend the evaluation period by up to thirty (30) additional business days with written notice to the Applicant.

Decision Process

1. CSI shall issue certification decisions based on documented scoring against established Assessment Criteria, with decisions communicated in writing within ten (10) business days of assessment completion.
2. Conditional certifications may be granted where minor deficiencies exist,subject to remediation within specified timeframes and verification of corrective actions.
3. Applications not meeting minimum requirements shall receive detailed feedback identifying specific deficiencies and recommendations for resubmission.

Appeals and Disputes

1. Applicants may appeal certification decisions within thirty (30) days of notification, with appeals subject to independent review under procedures established by CSI.
2. Disputes arising under this Policy shall be resolved in accordance with European Union law and subject to the jurisdiction of competent courts within the European Union.

Exceptions and Waivers

Exception Eligibility

Organisations may request exceptions from specific requirements of this Policy where full compliance is not technically feasible due to sector-specific regulatory constraints, critical infrastructure limitations, or legacysystem dependencies that cannot be reasonably remediated within the certification timeline.

Waiver Application Process

Applications for exceptions must be submitted in writing to CSI at least ninety (90) days before the intended certification assessment date, including detailed technical justification and proposed alternative measures.

1. The application must identify the specific Policy requirements for which exception is sought and provide evidence of the technical or regulatory impediments preventing compliance.
2. Applicants must demonstrate that the exception request represents a genuine operational necessity rather than a preference for cost reduction or administrative convenience.

Mitigation Plan Requirements

All exception requests must include a comprehensive Mitigation Plan detailing Compensating Controls that provide equivalent security outcomes through alternative technical or procedural measures.

1. The Mitigation Plan must specify implementation timelines, responsible parties, and measurable performance indicators for the proposed Compensating Controls.
2. Compensating Controls must maintain the overall security posture and risk profile intended by the original Policy requirements.

Approval Authority

Exception requests shall be evaluated by the CSI Technical Review Board, which may approve, reject, or require modifications to the proposed Mitigation Plan based on technical merit and risk assessment.

Conditional Approval

Approved exceptions are granted subject to ongoing compliance monitoring, periodic review, and demonstration of continuous improvement toward full Policy compliance where technically feasible.

1. Exception approvals are valid for a maximum period of two (2) years and must be renewed through reapplication if continued deviation from Policy requirements is necessary.
2. CSI reserves the right to revoke exception approvals if Compensating Controls prove inadequate or if technological developments render the original impediments obsolete.

Documentation and Transparency

Organizations operating under approved exceptions must maintain detailed records of Compensating Controls implementation and provide regular status reports to CSI as specified in the exception approval terms.

Implementation Timeline

Initial Assessment Phase

Within sixty (60) days of Policy execution, the Applicant shall submit a comprehensive technology architecture assessment documenting existing SIEM and PSIM capabilities, integration gaps, and proposed implementation roadmap.

Phase 1 - Foundation Implementation

Within one hundred eighty (180) days of Policy execution, the Applicant shall deploy functional SIEM and PSIM platforms with documented data feeds from core cybersecurity and physical security systems respectively.

1. The Applicant shall provide evidence of active data ingestion from at least seventy-five per cent (75%) of identified security systems within this timeframe.
2. Basic monitoring dashboards and alerting capabilities must be operational and documented.

Phase 2 - Integration Development

Within three hundred sixty (360) days of Policy execution, the Applicant shall implement cross-domain integration protocols enabling interoperability between SIEM and PSIM platforms.

1. Integration middleware or direct API connections must demonstrate real-time data sharing capabilities.
2. Unified operational interfaces providing consolidated situational awareness across cyber-physical domains shall be deployed and tested.

Phase 3 - Full Operational Capability

Within five hundred forty (540) days of Policy execution, the Applicant shall achieve complete compliance with all Policy requirements, including coordinated incident response procedures and governance structures.

Milestone Reporting

The Applicant shall submit progress reports to CSI at ninety(90) day intervals throughout the implementation period, documenting achievements,challenges, and any required timeline adjustments.

Final Certification Assessment

CSI shall conduct the formal Certification assessment within sixty (60) days following the Applicant's declaration of full operational capability.

Extension Provisions

Timeline extensions may be granted by CSI for documented technical constraints or regulatory dependencies, provided written request is submitted no later than thirty (30) days prior to the affected milestone.

Monitoring and Review

Ongoing Compliance Monitoring

The Applicant shall implement continuous monitoring systems to demonstrate ongoing compliance with this Policy, including automated reporting mechanisms that track system integration performance, incident response coordination effectiveness, and cross-domain operational metrics.

Periodic Certification Review

CSI shall conduct comprehensive reviews of the Applicant's Certification status at intervals not exceeding twenty-four (24) months,or more frequently as determined by material changes to the Applicant's technology architecture, regulatory requirements, or security threat landscape.

Annual Self-Assessment

The Applicant shall complete and submit annual self-assessment reports documenting compliance with all Policy requirements, including evidence of system performance, integration effectiveness, and any material changes to Technology Integration and Architecture configurations.

Performance Metrics Reporting

The Applicant shall maintain and provide quarterly reports on key performance indicators including but not limited to system availability, cross-domain integration response times, incident correlation accuracy,and unified platform operational effectiveness.

Audit Rights and Access

CSI reserves the right to conduct on-site or remote audits of the Applicant's integrated security systems with reasonable notice, and the Applicant shall provide necessary access to personnel, documentation, and technical systems for Certification verification purposes.

Policy Review and Amendment

This Policy shall be reviewed by CSI at intervals not exceeding thirty-six (36) months to ensure continued alignment with European Union regulatory developments, technological advances, and industry best practices,with amendments communicated to certified organizations with ninety (90) days advance notice.

Regulatory Change Management

The Applicant shall notify CSI within thirty (30)days of any material changes to applicable EU regulations, sector-specific requirements, or organizational circumstances that may impact Policy compliance or Certification validity.

Data Protection Compliance

All monitoring and review activities shall comply with applicable European Union data protection legislation, including GDPR requirements for data processing, retention, and cross-border transfers of personal data collected through integrated security systems.

Continuous Improvement Requirements

The Applicant shall demonstrate commitment to continuous improvement through documented processes for incorporating lessons learned, addressing identified deficiencies, and enhancing Technology Integration and Architecture capabilities based on monitoring results and review findings.

Non-Compliance and Enforcement

Non-Compliance Determination

1. Non-compliance occurs when an Applicant fails to meet the minimum requirements specified in this Policy or maintains systems that do not conform to the assessed Technology Integration and Architecture standards.
2. CSI may determine non-compliance through periodic audits, incident investigations, third-party reports, or self-disclosure by the Applicant.
3. Material changes to integrated systems or architecture without prior notification to CSI constitute non-compliance with ongoing Certification obligations.

Immediate Consequences

1. Upon determination of non-compliance, CSI shall issue a formal notice specifying the nature of non-compliance and required corrective actions.
2. The Applicant's Certification status may be suspended immediately where non-compliance poses significant security risks or regulatory violations.
3. Suspended organisations must cease use of CSI Trustmark certification marks and related representations until compliance is restored.

Remediation Requirements

1. Non-compliant Applicants must submit a detailed remediation plan within thirty (30) days of receiving notice, including specific timelines for corrective measures.
2. Implementation of remediation measures must be completed within ninety (90) days unless CSI approves an extended timeline based on technical complexity or regulatory constraints.
3. Applicants bear all costs associated with remediation activities and subsequent re-assessment procedures.

Certification Revocation

1. CSI may permanently revoke Certification where remediation efforts fail,non-compliance is repeated, or the Applicant demonstrates unwillingness to maintain required standards.
2. Revoked organisations are prohibited from reapplying for Certification for a minimum period of twelve (12) months from the revocation date.

Appeals Process

1. Applicants may appeal non-compliance determinations or enforcement actions by submitting a written notice within twenty-one (21) days to CSI's appeals committee.
2. Appeals shall be resolved through binding arbitration in accordance with European Union alternative dispute resolution procedures where internal resolution is unsuccessful.

Legal Enforcement

1. CSI reserves the right to pursue legal remedies under applicable European Union and member state laws for unauthorized use of certification marks or misrepresentation of certification status.
2. Non-compliance may be reported to relevant regulatory authorities where sectoral requirements or data protection obligations are implicated.

Data Protection and Privacy

GDPR Compliance Framework

1. The Applicant shall ensure all data processing activities within integrated SIEM and PSIM platforms comply with Regulation (EU) 2016/679(General Data Protection Regulation) and applicable national implementing legislation.
2. Data processing shall be conducted only on lawful bases as defined in Article 6 GDPR, with particular attention to legitimate interests assessments for security monitoring activities.
3. Special category personal data processing shall comply with Article 9 GDPR requirements, including explicit consent or substantial public interest derogations where applicable.

Data Controller and Processor Responsibilities

4. The Applicant shall clearly define data controller and processor roles for all integrated security systems and maintain current records of processing activities pursuant to Article 30 GDPR.
5. Where third-party vendors provide SIEM or PSIM services, appropriate data processing agreements compliant with Article 28 GDPR shall be executed.

Privacy by Design Implementation

6. Technology Integration and Architecture shall incorporate privacy by design and by default principles as required under Article 25 GDPR.
7. Data minimization principles shall be applied to cross-domain integration,ensuring only necessary personal data is processed for legitimate security purposes.

Cross-Border Data Transfers

8. Any transfer of personal data outside the European Economic Area shall comply with Chapter V GDPR transfer mechanisms.
9. Integrated platforms shall maintain data localization capabilities to ensure EU data residency where required by applicable sector-specific regulations.

Data Subject Rights

10. The Applicant shall establish procedures to respond to data subject rights requests within GDPR timelines, including access, rectification, erasure,and portability rights.
11. Unified monitoring systems shall be configured to facilitate data subject rights exercise without compromising security monitoring effectiveness.

Data Retention and Deletion

12. Personal data retention periods shall be defined for all integrated security systems based on purpose limitation and storage limitation principles under Articles 5(1)(b) and 5(1)(e) GDPR.
13. Automated deletion procedures shall be implemented across SIEM and PSIM platforms to ensure timely data erasure upon retention period expiry.

Security of Processing

14. Technical and organizational measures shall be implemented pursuant to Article 32 GDPR to ensure appropriate security of personal data processed through integrated platforms.
15. Data breach notification procedures shall comply with Articles 33 and 34 GDPR, including supervisory authority notification within 72 hours where required.

Governing Law and Jurisdiction

1. This Policy and all matters arising from or relating to the CSI Trustmark Framework certification process shall be governed by and construed in accordance with the laws of the European Union and the national laws of the Member State where the Applicant is established.
2. Any disputes, controversies, or claims arising out of or relating to this Policy, its breach, termination, or validity shall be subject to the exclusive jurisdiction of the competent courts of the European Union.
   1. Where the Applicant is established in a specific Member State, the courts of that Member State shall have primary jurisdiction over disputes relating to Certification processes and compliance obligations.
   2. Cross-border disputes involving multiple Member States shall be resolved according to applicable EU conflict of laws rules and relevant Brussels Regulation provisions.
3. All parties acknowledge that this Policy must comply with applicable European Union directives and regulations, including but not limited to the Network and Information Systems Directive (NIS2), General Data Protection Regulation (GDPR),and Cybersecurity Act.
4. Where Cross-domain Integration involves processing of personal data across Member State boundaries, such activities shall comply with GDPR requirements for cross-border data transfers and lawful bases for processing.
5. The parties agree that enforcement of Certification requirements and Assessment Criteria shall be consistent with EU principles of proportionality, non-discrimination, and due process.
6. Any amendments to this Policy necessitated by changes in EU law or regulatory guidance shall take precedence over conflicting provisions herein. By signing below,the parties acknowledge their agreement to the terms and conditions outlined in this Policy and confirm their authority to bind their respective organisations to these obligations.