How trustworthy are integrators and/or manufacturers in security?

Trustworthiness is very much a personal attribute, but it needs to be empowered by the leadership team of a company who, in the best case, value honesty, openness, and transparency. So, what are some of the signs to look for when identifying a trustworthy manufacturer? I guess the key time for assessing trustworthiness is when things are going wrong. For manufacturers, this is most likely to be when there are product problems or faults. A manufacturer that backs their hardware will have extended warranty periods, protecting the end user from issues in the component or manufacturing of a product. In a similar vein, cybersecurity issues and the openness with which these are communicated, is where trustworthy companies openly report Common Vulnerabilities and Exposures (CVEs) in the Mitre.org database. This provides transparency to end users and allows them to assess the issue and mitigate or upgrade to resolve in a way that best suits them.

Overall, most companies in the industry are trustworthy, although true reliability often becomes apparent when a project encounters challenges. Reputable integrators and manufacturers typically adhere to industry standards, hold relevant certifications, and have a proven track record of successful projects and callable references to support their claims. It's essential to research a company's history by looking for customer testimonials and case studies demonstrating their expertise and reliability. More importantly, it’s wise to talk with other end-users who have faced issues and how those were resolved. Consider how the representative responded and how the company handled the situation. Transparency is another key indicator of trustworthiness. Reliable companies are open about their processes, technologies, and third-party partnerships while prioritising ongoing support and updates as security needs evolve. Does a manufacturer communicate with the end-user when an issue arises, or do they shift blame? Engaging with companies that put the customer first and take responsibility for mistakes typically leads to the most trustworthy relationships, as these companies have nothing to hide and everything to gain by earning trust.

When it comes to the security, safety and accessibility of our built environment and its many systems, stakeholder trust is critical. As new solutions flood the market and information is more accessible than ever before, conscious manufacturers are building relationships by demonstrating complete transparency in their product communications – offering decision makers and end users clear evidence of product performance through testing methods, certifications, and environmental product declarations, for example. For those offering end-to-end solutions, it’s important to review and discuss track records also, opening communications on timelines, potential challenges, technical support, and long-term maintenance commitments as a way of building trust across the entire supply chain. In general, there is often evidence of reliable products being integrated heavily, but should end users remain unsure, it’s important to conduct further research into a manufacturer’s reputation. Reviews and case studies can show tangible examples of a product’s performance, however, where information is withheld or a well-established company is not seen to be working with many others, end users are encouraged to question why before it becomes too late.

Integrators and manufacturers are as trustworthy as their experience and the reputability of the technology they offer. As in hiring an employee, it is important to speak with references or to review case studies with existing customers to understand how the company does business. Verifying their certifications and licences is another way that integrators and manufacturers can build trust.