Data collection is becoming more and more important in various fields where weighing instruments are used. In applications from digitalisation of industrial production to food processing, data is used and shared between different machines and instruments. Consequently, it is important that this data transmission - the electronic transfer of data from one device to another - is reliable.
CECIP, the European weighing industry association, believes that, from a legal metrology point of view, there needs to be control of metrologically significant information. However, the level of legally prescribed control should be appropriate.
Where is control needed?
There are currently various cases where controls and security of communication need to be considered. Some examples:
- Communication between components of an instrument
- Download of firmware/software to an instrument in service
- Transmission of data from a complete instrument to an external system or device
The need for reliable controls
The controls introduced for cases as described above should ensure the reliability of the data transmitted. However, they should not put a disproportionate burden on the manufacturer or installer. If requirements regarding controls and security of communication become too onerous and disproportionate to the potential risks, there are several possible negative impacts.
Avoiding a disproportionate burden is made more challenging due to the fact that technology might develop faster than the regulations and standards drafted to control technology applications. It is difficult to predict the technological developments that will occur in the future and how controls in place shall be applied. This should be taken into account when defining appropriate controls.
Controls should strike the right balance
CECIP is convinced that the right balance needs to be found between risk management and the burden of the controls. To find such a balance the following principles should be taken into account:
- Any data transmitted must be correct. Some applications may require verification/validation.
- For metrological processing such as totalising or price calculation performed by a separate system then an alibi device; must be utilised.
- If components of an instrument communicate over an open network, then an appropriate level of security is required to ensure integrity of the data. This may require encryption and authentication.
- The classification of systems should be appropriate bearing in mind the implications due to controls of data transmission. This is particularly relevant when considering the different levels of protection required for communication between components of an instrument and between an instrument and an external system.
CECIP hopes these principles can be followed when for controls defining (essential) requirements in national, European or international standards and legislation.
The full position paper can be found here.