Certification and Accreditation: Difference between revisions

Content deleted Content added

Inline

Latest revision as of 13:19, 12 October 2023

Certification and accreditation (C&A or CnA) is a process for implementing any formal process. It is a systematic procedure for evaluating, describing, testing, and authorizing systems or activities prior to or after a system is in operation. The process is used extensively across the world.

Definitions

Certification is a comprehensive evaluation of a process, system, product, event, or skill, typically measured against some existing norm or standard. Industry and/or trade associations will often create certification programs to test and evaluate the skills of those performing services within the interest area of that association. Testing laboratories may also certify that certain products meet pre-established standards, or governmental agencies may certify that a company is meeting existing regulations (e.g., emission limits).

Accreditation is the formal declaration by a neutral third party that the certification program is administered in a way that meets the relevant norms or standards of certification program (e.g., ISO/IEC 17024).

National bodies

Many nations have established specific bodies.

United Kingdom

In the United Kingdom, for example, an organization known as United Kingdom Accreditation Service (UKAS) has been established as the nation's official accreditation body. Most European nations have similar organizations established to provide accreditation services within their borders.

United States

There is no such "approved" accreditation body within the United States, however. As a result, over the years multiple accreditation bodies have become established to address the accreditation needs of specific industries or market segments. Some of these accreditation services are for profit entities, however the majority are not-for-profit bodies that provide accreditation services as part of their mission.

Information security

Certification and accreditation is a two-step process that ensures security of information systems.^[1] Certification is the process of evaluating, testing, and examining security controls that have been pre-determined based on the data type in an information system. The evaluation compares the current systems' security posture with specific standards. The certification process ensures that security weaknesses are identified and plans for mitigation strategies are in place. On the other hand, accreditation is the process of accepting the residual risks associated with the continued operation of a system and granting approval to operate for a specified period of time.

In IT governance, the primary reason why certification and accreditation (C&A) process is being performed on critical systems is to ensure that the security compliance has been technically evaluated. Certified and accredited systems are systems that have had their security compliance technically evaluated for optimal performance in a specific environment and configuration. These certified systems are hereby evaluated to run in a specific working environment.

References

^ Musa, Dr. Sam. "Certification and Accreditation (AKA: Assessment and Authorization" – via Academia.edu. {{cite journal}}: Cite journal requires |journal= (help)

External links

[1] Musa, Dr. Sam. "Certification and Accreditation (AKA: Assessment and Authorization" – via Academia.edu. {{cite journal}}: Cite journal requires |journal= (help)

[1]

@@ Line 1: / Line 1: @@
-{{Use dmy dates|date=July 2013}}
+{{Use dmy dates|date=October 2023}}
+{{Multiple issues|
-{{Underlinked|date=July 2013}}
+ {{more citations needed|date=February 2017}}
+ {{notability|date=February 2017}}
+}}
-'''[[Certification]] and [[Accreditation]] (C&A or CnA)''' is a process for implementing any formal process.   It is a systematic procedure for evaluating, describing, testing and authorizing systems or activities prior to or after a system is in operation.  The C&A process is used extensively across the world.
+'''[[Certification]] and [[accreditation]] (C&A or CnA)''' is a process for implementing any formal process. It is a systematic procedure for [[Evaluation|evaluating]], [[Description|describing]], [[Test (assessment)|testing]], and [[Authorization|authorizing]] [[system]]s or activities prior to or after a system is in operation. The process is used extensively across the world.
 == Definitions ==
+{{Unreferenced section|date=February 2017}}
-[[Certification]] is a comprehensive evaluation of a process, system, product, event, or skill typically measured against some existing norm or standard.  Industry and/or trade associations will often create certification programs to test and evaluate the skills of those performing services within the interest area of that association.  But testing laboratories may also certify that certain products meet pre-established standards, or governmental agencies may certify that a company is meeting existing regulations (such as emission limits).
+[[Certification]] is a comprehensive evaluation of a process, [[system]], product, event, or skill, typically measured against some existing norm or standard. Industry and/or [[trade association]]s will often create [[certification programs]] to test and evaluate the skills of those performing services within the interest area of that association. Testing laboratories may also certify that certain products meet pre-established standards, or governmental agencies may certify that a company is meeting existing [[regulation]]s (e.g., emission limits).
-[[Accreditation]] is the formal declaration by a neutral third party that the certification program is administered in a way that meets the relevant norms or standards.  Many nations have established specific bodies.  In the United Kingdom, for example, an organization known as United Kingdom Accreditation Service (UKAS)has been established as the nation's official accreditation body. Most European nations have similar organizations established to provide accreditation services within their borders.
+[[Accreditation]] is the formal declaration by a neutral third party that the certification program is administered in a way that meets the relevant norms or standards of certification program (e.g., [[ISO/IEC 17024]]).
-There is no such “approved” accreditation body within the United States, however. As a result, over the years multiple accreditation bodies have become established to address the accreditation needs of specific industries or market segments. Some of these accreditation services are for profit entities, however the majority are not-for-profit bodies that provide accreditation services as part of their mission.
+== National bodies ==
-==References==
+Many nations have established specific bodies.
+=== United Kingdom ===
+In the United Kingdom, for example, an organization known as [[United Kingdom Accreditation Service]] (UKAS) has been established as the nation's official accreditation body. Most European nations have similar organizations established to provide accreditation services within their borders.
+=== United States ===
+There is no such "approved" accreditation body within the United States, however. As a result, over the years multiple accreditation bodies have become established to address the accreditation needs of specific industries or market segments. Some of these accreditation services are for profit entities, however the majority are not-for-profit bodies that provide accreditation services as part of their mission.
+== Information security ==
+Certification and accreditation is a two-step process that ensures [[Information security|security]] of [[information system]]s.<ref>{{cite journal|url=https://www.academia.edu/6019006|title=Certification and Accreditation (AKA: Assessment and Authorization|first=Dr. Sam|last=Musa|via=Academia.edu}}</ref> Certification is the process of evaluating, testing, and examining security controls that have been pre-determined based on the data type in an information system.  The evaluation compares the current systems' security posture with specific standards.  The certification process ensures that security weaknesses are identified and plans for mitigation strategies are in place. On the other hand, accreditation is the process of accepting the residual risks associated with the continued operation of a system and granting approval to operate for a specified period of time.
+In IT governance, the primary reason why certification and accreditation (C&A) process is being performed on critical systems is to ensure that the security compliance has been technically evaluated. Certified and accredited systems are systems that have had their security compliance technically evaluated for optimal performance in a specific environment and configuration. These certified systems are hereby evaluated to run in a specific working environment.
+== References ==
 {{Reflist}}
 == External links ==
-* [http://www.icacnet.org ICAC - International Certification Accreditation Council]
+* [http://www.icacnet.org/ ICAC – International Certification Accreditation Council]
-* [http://www.fismapedia.org/index.php?title=Certification_and_Accreditation FISMApedia Certification and Accreditation Terms]
+* [https://web.archive.org/web/20110726055231/http://www.fismapedia.org/index.php?title=Certification_and_Accreditation FISMApedia Certification and Accreditation Terms]
+* [https://web.archive.org/web/20120426023438/http://www.ictrd.in/ Indian Council for Technical Research and Development Website, Provides Accreditation for Companies]
-* [http://www.phpcirtification.in PHP Certification in Technology Information Guide]
-* [http://www.ictrd.in Indian Council for Technical Research and Development Website, Provides Accreditation for Companies]
-{{DEFAULTSORT:Certification And Accreditation}}
 [[Category:Quality assurance]]
 [[Category:Accreditation]]