Certification and accreditation (C&A or CnA) is a process for implementing any formal process. It is a systematic procedure for evaluating, describing, testing, and authorizing systems or activities prior to or after a system is in operation. The process is used extensively across the world.
Definitions
Certification is a comprehensive evaluation of a process, system, product, event, or skill, typically measured against some existing norm or standard. Industry and/or trade associations will often create certification programs to test and evaluate the skills of those performing services within the interest area of that association. Testing laboratories may also certify that certain products meet pre-established standards, or governmental agencies may certify that a company is meeting existing regulations (e.g., emission limits).
Accreditation is the formal declaration by a neutral third party that the certification program is administered in a way that meets the relevant norms or standards for certification programs (e.g., ISO/IEC 17024).
National bodies
Many nations have established specific bodies.
United Kingdom
In the United Kingdom, for example, an organization known as the United Kingdom Accreditation Service (UKAS) has been established as the nation's official accreditation body. Most European nations have similar organizations established to provide accreditation services within their borders.
United States
There is no such "approved" accreditation body within the United States, however. As a result, over the years multiple accreditation bodies have become established to address the accreditation needs of specific industries or market segments. Some of these accreditation services are for-profit entities; however, the majority are not-for-profit bodies that provide accreditation services as part of their mission.
Information security
Certification and accreditation is a two-step process that ensures security of information systems.
Certification is the process of evaluating, testing, and examining security controls that have been pre-determined based on the data type in an information system. The evaluation compares the current systems’ security posture with specific standards. The certification process ensures that security weaknesses are identified and plans for mitigation strategies are in place. On the other hand, accreditation is the process of accepting the residual risks associated with the continued operation of a system and granting approval to operate for a specified period of time.
In IT governance, the primary reason the certification and accreditation (C&A) process is performed on critical systems is to ensure that their security compliance has been technically evaluated. Certified and accredited systems are systems that have had their security compliance technically evaluated for optimal performance in a specific environment and configuration. These certified systems are thus evaluated to run in a specific working environment.
External links
ICAC – International Certification Accreditation Council
FISMApedia Certification and Accreditation Terms
Indian Council for Technical Research and Development Website, Provides Accreditation for Companies