Overview of Assessor Material: The Open Trusted Technology Provider™ Standard (O-TTPS)
Copyright (C) The Open Group 2014


1 Copyright (C) The Open Group 2014 Overview of Assessor Material: The Open Trusted Technology Provider™ Standard (O-TTPS)
“Build with Integrity - Buy with Confidence™”
Please note that most of the material in this slide set comes from existing reference documents that have been approved and published – in all cases those documents and any material that appears on the O-TTPS Accreditation website take precedence over what may appear in these slides.

2 Copyright (C) The Open Group 2014 Overview of Assessor Material
1. Assessor Requirements including Training & Exam (slides 1 – 7)
2. The Big Picture (slides )
3. The Standard - The Open Trusted Technology Provider™ Standard (O-TTPS) (slides 25 – 35)
4. The Accreditation Program (slides )
5. The Assessment Methodology (slides 60 – 92)
6. Recognized Assessor Agreement (slides 93 – 98)
Training Materials Version 1.0 – February 3,

3 Copyright (C) The Open Group 2014 Part 1: Assessor Requirements including Training Material and Exam

4 Copyright (C) The Open Group 2014 Assessor Requirements including Training Material and Exam
- Context for the training and eligibility to perform assessments:
  - The training material and exam are open to any individual who would like to be trained to perform O-TTPS Assessments.
  - Individuals must, however, meet additional criteria (specified in the O-TTPS Recognized Assessor Agreement and summarized in the following slides) and they must be employed by or hired by a company that is an O-TTPS Recognized Assessor company to participate in an actual O-TTPS Assessment.
  - An O-TTPS Recognized Assessor company is one that has signed the O-TTPS Recognized Assessor Agreement and legally agreed to all of the terms within the Agreement, including a requirement that any Assessors they assign to an O-TTPS Assessment will meet the criteria specified in the Agreement, which include completing the training program and passing the exam.
- In order to successfully take the exam an individual must:
  - Contact The Open Group O-TTPS Accreditation Authority at:
  - Read all of the reference documents listed on the following slide*
  - Read through and understand these training slides*
  - Take the on-line open-book exam
  - Register for and pay the exam fee
  - Receive a passing grade of 75% or higher.
- The activities marked with an * should be completed before taking the exam.
- If the Applicant does not pass the exam, they are permitted 2 re-takes per year.

5 Copyright (C) The Open Group 2014 Assessor Requirements including Training Material and Exam
- Suggested Reading – Before taking the Exam (These documents can all be found on the O-TTPS Accreditation Website at the following link: )
- In order to successfully complete Preparation for the Exam an individual should read all of the reference documents listed below:
  - Accreditation Agreement
  - Accreditation Package Document, including the Assessment Report
  - Accreditation Policy
  - Accreditation Program Guide
  - Accreditation Requirements
  - Assessment Procedures
  - Conformance Statement Questionnaire
  - Implementation Selection Criteria Application (ISCA) Document
  - O-TTPS Recognized Assessor Agreement
  - The Open Trusted Technology Provider™ Standard (O-TTPS)

6 Copyright (C) The Open Group 2014 Assessor Requirements including Training Material and Exam
- In addition to completing the training and passing the exam, an individual must be employed by an O-TTPS Recognized Assessor company and meet the following criteria in order to actually participate in an O-TTPS Assessment. NOTE: Although these criteria were taken from the O-TTPS Recognized Assessor Agreement, the Agreement takes precedence over anything in these slides. It’s the responsibility of the Assessor and Recognized Assessor organization to understand and abide by ALL the terms in the Agreement. These training slides are only to increase awareness.
- Personnel, Qualifications, and Training: In order to perform assessments for the O-TTPS Accreditation Program, O-TTPS Recognized Assessor shall ensure that its Assessors (employees and/or contractors) performing Assessments on its behalf have the experience, knowledge, and training in the O-TTPS Standard, Accreditation Policy, and all the technical areas of the O-TTPS. These include the following criteria, satisfaction of which O-TTPS Recognized Assessor [Company] shall attest in writing to the Accreditation Authority:
- The Assessor must:
  - Have been trained and have a minimum of 2 years’ experience in performing process audits or assessment of process conformance to standards based upon review of process documentation and associated records of process implementation. Acceptable training and certifications are:
    - ISO 9001 lead auditor
    - ISO/IEC lead auditor
    - CMMI-DEV appraisers
    - ISO/IEC or Common Criteria evaluator with experience in evaluating life-cycle assurance requirements
    - An ISO/IEC or FIPS tester with experience in testing the process requirements of that standard
  - Have sufficient knowledge of:
    - Supply chain management terminology and techniques
    - Technical knowledge of O-TTPS Attributes. Education and training on these topics should be included in the Assessor personnel’s training record.
    - The O-TTPS Attribute areas (See Section 4 of the O-TTPS for the Attributes – they are summarized on the following slide.)
  - Have successfully passed The Open Group Assessor examination covering the O-TTPS Standard and Accreditation program.

7 Copyright (C) The Open Group 2014 Assessor Requirements including Training Material and Exam
- The Assessor must have sufficient knowledge of the O-TTPS Attribute Areas:
  - PD_DES: Software/Firmware/Hardware Design Process
  - PD_CFM: Configuration Management
  - PD_MPP: Well-defined Development/Engineering Method Process and Practices
  - PD_QAT: Quality and Test Management
  - PD_PSM: Product Sustainment Management
  - SE_TAM: Threat Analysis and Mitigation
  - SE_RTP: Run-time Protection Techniques
  - SE_VAR: Vulnerability Analysis and Response
  - SE_PPR: Product Patching and Remediation
  - SE_SEP: Secure Engineering Practices
  - SE_MTL: Monitor and Assess the Impact of Changes in the Threat Landscape
  - SC_RSM: Risk Management
  - SC_PHS: Physical Security
  - SC_ACC: Access Controls
  - SC_ESS: Employee and Supplier Security and Integrity
  - SC_BPS: Business Partner Security
  - SC_STR: Supply Chain Security Training
  - SC_ISS: Information Systems Security
  - SC_CTM: Counterfeit Mitigation
  - SC_MAL: Malware Detection

8 Copyright (C) The Open Group 2014 Part 2: The Big Picture

9 Copyright (C) The Open Group 2014 Securing the Global Supply Chain
Enabling Providers to Raise the Bar on Security and Integrity
The Open Group Trusted Technology Forum (OTTF)
“Build with Integrity Buy with Confidence™”
July,

10 Copyright (C) The Open Group 2014 The Open Group Membership
- Over 40,000 participants from over 95 countries
- Over 500 memberships with HQs in 40 countries from 6 continents
- Countries shown: Argentina, Australia, Austria, Belgium, Brazil, Canada, China, Colombia, Czech Republic, Denmark, Finland, France, Germany, Hong Kong, India, Italy, Japan, Luxembourg, Malaysia, Mexico, Netherlands, New Zealand, Norway, Poland, Qatar, Russian Federation, Saudi Arabia, Singapore, South Africa, Spain, Sweden, Switzerland, Taiwan, Turkey, UK, United Arab Emirates, USA

11 Copyright (C) The Open Group 2014 What Does The Open Group Do?
- Membership & Events
- Forums & Work Groups: Architecture, Security, Real-Time and Embedded Systems, Cloud, SOA, OTTF, etc.
- International & Regional Conferences
- Standards and Certification - Over 25 years' experience. Voluntary consensus standards and certification programs through The Open Group Standards Process consistent with OMB Circular A-119
- People & Organizations: TOGAF®, Architects, IT Specialists, Lotteries (Quality Assurance Best Practices), O-TTPS
- Products & Technology: NFC Forum, UNIX®, WAP, Architecture Tools
- Defense Standards: DirecNet, FACE™

12 Copyright (C) The Open Group 2014 The Open Group CyberSecurity Activities
Diagram text:
- Infosec Thought Leadership: De-perimeterization, Identity management, Data protection, Cloud security
- Open Standards & Best Practices: Security architecture; Information security management; Risk management standards, best practices, and certification; Compliance & security automation
- Open Standards: MILS, Software assurance, High assurance certification, Dependability
- Supply Chain Security Standards, Best Practices: Open Trusted Technology Provider™ Standard; Addressing maliciously tainted and counterfeit products; Accreditation Program
- Forums: Security Forum, Real Time & Embedded Systems, Trusted Technology Forum

13 Copyright (C) The Open Group 2014 OTTF Background
- Government-industry roundtable discussion in 2009
  - Initiated by DOD/AT&L, DOD/CIO and The Open Group
- Government raised these issues
  - Moving from high assurance customized solutions to commercial off the shelf (COTS) information communication technology (ICT)
  - Need to confidently identify trusted COTS ICT products/providers
- Government recommendation
  - Establish consensus on best of breed best practices based on industry experience to create a standard that enables all providers to conform to those best practices when building products.
  - Create an accreditation program brand that identifies trusted technology providers who conform to the standard
- Response to the recommendation – Created the OTTF
  - Providers, integrators, government agencies, third party labs from around the globe responded to the recommendation

14 Copyright (C) The Open Group 2014 The Challenge
- Commercial Off-the-Shelf (COTS) Information and Communication Technology (ICT) leverage a Global Supply Chain
- Product certification is not enough - need assurance throughout that best practices are being followed in building every product.
[Diagram labels: “Build with Integrity”; Trusted Products; “Buy with Confidence” For Governments, For Consumers, For Service Providers, For Enterprises]

15 Copyright (C) The Open Group 2014 O-TTPS: Mitigating Maliciously Tainted and Counterfeit Products
- The Open Trusted Technology Provider™ Standard (O-TTPS) released in April, 2013 – 50 page document on requirements for organizational best practices
- The result of over 3 years of collaborative consensus-based effort
- Apply across product life cycle. Some highly correlated to threats of maliciously tainted and counterfeit products - others more foundational but considered essential
- 2 areas of requirements – often overlap depending on product and provider:
  - Technology Development - mostly under the provider’s in-house supervision
  - Supply Chain activities mostly where provider interacts with third parties who contribute their piece in the product’s life cycle
[Diagram labels: Sourcing, Design, Build, Fulfillment, Distribution, Sustainment, Disposal; Technology Development; Supply Chain]

16 Copyright (C) The Open Group 2014 O-TTPS: Technology Development
- Product Development/Engineering Requirements in:
  - Software/Firmware/Hardware Design Process
  - Development/Engineering Process and Practices
  - Configuration Management
  - Quality/Test Management
  - Product Sustainment Management
- Secure Development/Engineering Requirements in:
  - Threat Analysis and Mitigation
  - Run-time Protection Techniques
  - Vulnerability Analysis and Response
  - Product Patching and Remediation
  - Secure Engineering Practices
  - Monitor and assess the impact of changes in the threat landscape

17 Copyright (C) The Open Group 2014 O-TTPS: Supply Chain Activities
- Supply Chain Requirements in:
  - Risk Management
  - Physical Security
  - Access Controls
  - Employee and Supplier Security
  - Business Partner Security
  - Supply Chain Security Training
  - Information Systems Security
  - Trusted Technology Components
  - Secure Transmission and Handling
  - Open Source Handling
  - Counterfeit Mitigation
  - Malware Detection

18 Copyright (C) The Open Group 2014 OTTF Principles
The OTTF is developing their standards and accreditation programs according to these principles:
- Practical and effective - Practitioner based, evidence that it works in the field
- Reasonable - Achievable and implementable by a wide variety of vendors and stakeholders
- Affordable - Reasonably cost effective to implement
- Open - Based on open standards and recognized industry best practices – publicly available to all
- Organizational/Process Based Accreditation - Flexible enough that an organization can choose their own scope of accreditation (product, product-line, entire organization)

19 Copyright (C) The Open Group 2014 Objective: Customers Buy with More Confidence: Providers & Suppliers Can Extend Supply Chain Security
Diagram text:
- Evaluation of Security Products
- Follow O-TTPS Best Practices
- Commercial ICT Customers “Buy with Confidence”: Request O-TTPS Accredited Providers
- Trusted Technology Provider
- Trusted Technology Products & sub components
- O-TTPS Compliant Suppliers will conform to the O-TTPS (Standard) – and will be Accredited – Broader than security product evaluations
- Un-trusted Suppliers and Providers who do not follow the Standard – who are not accredited

20 Copyright (C) The Open Group 2014 Alliance
Diagram text:
- Parties: Customer/Acquirer, Integrator, Provider, Component Suppliers
- Demands Accreditation certificate as evidence of conformance to Open Trusted Technology Provider™ standards
- Will seek business partners who can meet Open Trusted Technology Provider™ requirements
- Will seek business partners who can meet Open Trusted Technology Provider™ requirements
- Business Partners: May be hardware, software, global, open source - or not - multiple supplier layers
- Standards Body: Will seek ways of achieving market up-take/integrity of standards
- Accreditation/Accreditation Body: Must be independent & vendor/technology-neutral
- Labels: Accreditation Process; Standards; Business Partners Process

21 Copyright (C) The Open Group 2014 OTTF Milestones and Time Frames
Milestones:
- Early Industry Collaboration
- Forum Launched
- Framework White Paper Published
- Standard Development: Snapshot => Publish V 1.0
- Define Conformance Criteria, Conduct Pilot Program
- Define & Approve O-TTPS Accreditation Program
- Implement and Launch Public O-TTPS Accreditation Program
Dated milestones:
- O-TTPS v. 1.0 published April 2013
- O-TTPS Accreditation Program Approved October 2013
- Program Available in Dec.
- Marketing Launch early Feb
[Timeline figure with a quarterly axis ending in 2014]

22 Copyright (C) The Open Group 2014 Part 3: The Standard

23 Copyright (C) The Open Group 2014 Introducing the O-TTPS (Standard)
- What is the O-TTPS?
  - A standard, developed by The Open Group’s Trusted Technology Forum (OTTF)
- It contains:
  - An explanatory section that introduces the scope of the standard. It focuses on the two threats of counterfeit products and of maliciously tainted products.
  - A framework used to present the attributes and requirements for supply chain security
  - A glossary and definitions of terms

24 Copyright (C) The Open Group 2014 O-TTPS Focused on 2 Major Threats
- Version 1 of the standard focuses on mitigating risks associated with two threats that are of concern to customers of commercial off the shelf (COTS) information and communications technology (ICT).
- The two threats are:
  - Counterfeit Products
  - Maliciously Tainted Products

25 Copyright (C) The Open Group 2014 O-TTPS Snapshot – Mitigating Risks for Tainted and Counterfeit Products
- A tainted product is “produced by the provider and is acquired through reputable channels but has been tampered with maliciously”. Could result in:
  - product failure, degraded performance, weakened security mechanisms allowing rogue functionality and potentially critical damage
- A counterfeit product is “produced other than by or for the provider, or is supplied by other than a reputable channel, and is represented as legitimate”. Could result in:
  - For customers: if product fails at critical juncture – loss of productivity, revenue
  - For providers: loss of revenue stream and brand damage

26 Copyright (C) The Open Group 2014 Technology Supply Chain Threat Matrix
[Matrix figure. Columns: Taint and Counterfeit, each split into Upstream, Provider, Downstream. Entries: Malware; Malicious code (masquerading as vulnerabilities); Unauthorized “Parts”; Unauthorized Configuration; Scrap/Substandard Parts; Unauthorized Production]

27 Copyright (C) The Open Group 2014 O-TTPS Best Practice Categories
- Technology Development
  - PD: Product Development/Engineering Methods
    - 5 Attributes
  - SE: Secure Development/Engineering Methods
    - 6 Attributes
- Supply Chain Security
  - SC: Supply Chain Security Methods
    - 12 Attributes

28 Copyright (C) The Open Group 2014 The O-TTPS Requirements and Recommendations
- 2 Categories
- 3 Methods
- 23 Attributes
  - 54 Requirements (Shall)
  - 29 Recommendations (Should) – Currently not assessed
- Accreditation demonstrates conformance to the 54 requirements

29 Copyright (C) The Open Group O-TTPS
Diagram text:
- Technology Development Category
  - Product Development/Engineering Method: Design Process, Configuration Management, Development Method, Quality and Test, Product Sustainment
  - Secure Development/Engineering Method: Threat Analysis & Mitigation, Run Time Protection, Vulnerability Analysis & Response, Product Patching & Remediation, Secure Engineering Practices, Monitoring the Threat Landscape
- Supply Chain Security Category
  - Supply Chain Security Methods: Risk Management, Physical Security, Access Controls, Employee and Supplier Security and Integrity, Business Partner Security, Supply Chain Security Training, Information Systems Security, Trusted Technology Components, Secure Transmission and Handling, Open Source Handling, Counterfeit Mitigation, Malware Detection

30 Copyright (C) The Open Group 2014 PD: Product Development/Engineering Method (Technology Development Category)
Attributes:
1. PD_DES: Software/Firmware/Hardware Design Process
2. PD_CFM: Configuration Management
3. PD_MPP: Well-defined Development/Engineering Method Process and Practices
4. PD_QAT: Quality and Test Management
5. PD_PSM: Product Sustainment Management

31 Copyright (C) The Open Group 2014 SE: Secure Development/Engineering Method (Technology Development Attributes)
Attributes:
1. SE_TAM: Threat Analysis and Mitigation
2. SE_RTP: Run-time Protection Techniques
3. SE_VAR: Vulnerability Analysis and Response
4. SE_PPR: Product Patching and Remediation
5. SE_SEP: Secure Engineering Practices
6. SE_MTL: Monitor and Assess the Impact of Changes in the Threat Landscape

32 Copyright (C) The Open Group 2014 SC: Supply Chain Security (Technology Development Attributes)
Attributes:
1. SC_RSM: Risk Management
2. SC_PHS: Physical Security
3. SC_ACC: Access Controls
4. SC_ESS: Employee and Supplier Security and Integrity
5. SC_BPS: Business Partner Security
6. SC_STR: Supply Chain Security Training
7. SC_ISS: Information Systems Security
8. SC_TTC: Trusted Technology Components
9. SC_STH: Secure Transmission and Handling
10. SC_OSH: Open Source Handling
11. SC_CTM: Counterfeit Mitigation
12. SC_MAL: Malware Detection

33 Copyright (C) The Open Group 2014 Part 4: The Accreditation Program

34 Copyright (C) The Open Group 2014 Accreditation Program Outline
- Overview Diagram & Description
- Operational Flowchart
- Accreditation Elements
  - Conformance Statement / Scope of Accreditation
  - Accreditation Requirements
  - Accreditation Agreement & Trademark License
  - Accreditation Policy
  - Assessment Methodology – Covered in next Section

35 Copyright (C) The Open Group 2014 O-TTPS: Proposed Accreditation Program
Diagram text:
- Applicants (Component Supplier, Provider, Integrator)
- Accreditation Authority: Program Operated by The Open Group
- O-TTPS Recognized 3rd Party Assessors
- O-TTPS Accreditation Program: Vendor neutral program. Accreditation Authority responsible for accreditation of 3rd party assessors, appeals, certificates, logo-use, consistency across accreditations
- OTTF: develops and maintains Standard. Membership is open to all
- Flow labels: Application; Warrant & Represent; Engages; Governance and Operation; Verifies Conformance
- Scope Flexible. Whole organization to one product
- Success! Open Trusted Technology Providers™ Program logo used to support accreditation claims. Based on Warranty & Assessed Conformance

36 Copyright (C) The Open Group 2014 Accreditation Program Description
- The Applicant can be a Component Supplier, a Provider, or an Integrator
- The Applicant warrants and represents their conformance to requirements throughout their declared Scope of Accreditation – that is, they claim that they follow the best practices throughout the product life-cycle, including supply chain cycles for all of the products in their declared Scope
- Scope up to Applicant: product, product(s), product-line, organization, etc.
- Warranty backed by evidence of conformance and assessment of evidence by 3rd Party Assessors
- The Open Group will operate vendor-neutral program, provide oversight and consistency across applications
- Successful Applicant gets certificate and use of Trademark and Logo
- The Open Group manages Trademark and Logo use, problem reporting and appeals process.
- The accreditation period is 3 years before required renewal
- Launch of a public O-TTPS accreditation program December 2014 – open to any organization – don’t need to be a member

37 Copyright (C) The Open Group 2014 Accreditation Program Operational Flow Chart

38 Copyright (C) The Open Group 2014 Accreditation Program Elements: Conformance Statement
- Conformance Statement Questionnaire is:
  - completed by the Organization
  - generated from the Conformance Statement Questionnaire
- Defines contact information and the draft Scope of Accreditation
- Provided to Accreditation Authority (AA)
- Once finalized and the accreditation is awarded it becomes a public document
- References in Section 3.3 of the Policy

39 Copyright (C) The Open Group 2014 Accreditation Program Elements: Scope of Accreditation
- The Organization declares its Scope of Accreditation
- Their warranty is with respect to Scope of Accreditation.
- The Organization has total latitude with this decision
  - enterprise-wide, product-line, business unit, or yet others may prefer to accredit only one or more individual products

40 Copyright (C) The Open Group 2014 Accreditation Program Elements: Accreditation Requirements
- The Accreditation Requirements are the O-TTPS requirements that an Organization must meet in order to demonstrate conformance to the O-TTPS.
- For the case of O-TTPS 1.0 the Accreditation Requirements are:
  - Organizations must meet all of the mandatory/shall requirements in the Standard.
  - An Organization is not required to meet and will not be assessed for the recommendations/“should” requirements in the Standard
- All of the requirements and the recommendations are listed in Chapter 4 of the standard.
- The definitions of should and shall are in Chapter 1.3 of the Standard and align with the ISO definitions.

41 Copyright (C) The Open Group 2012 Accreditation Program Elements: Accreditation Agreement and TMLA
- The Accreditation Agreement
  - The agreement between the Organization and the Accreditation Authority that defines the accreditation service to be provided and contains the legal commitment by the Organization to the conditions of the O-TTPS Accreditation Program.
- Trademark License Agreement
  - The agreement that contains the legal commitment by the Organization to the conditions for use of the Accreditation Logo.
- The Accreditation Agreement and the Trademark License Agreement – in conjunction with the Accreditation Requirements and the Accreditation Policy – constitute the set of requirements and obligations between the Organization and the Accreditation Authority for achieving accreditation

42 Copyright (C) The Open Group 2012 Accreditation Program Elements: Policy
- Defines what can be accredited, what it means to be accredited, and the process for achieving and maintaining accreditation.
- Defines the obligations of Organizations, including a requirement for an Organization to warrant and represent that within a declared Scope of Accreditation it meets the Accreditation Requirements (i.e., all the Mandatory/Shall reqs. in the O-TTPS)
- The Organization has total latitude with this scope declaration. It may be: enterprise-wide, product-line, business unit, or yet others may prefer to accredit only one or more individual products
- The Accreditation Policy – in conjunction with the Accreditation Requirements, Accreditation Agreement, and Trademark License Agreement – constitutes the set of requirements and obligations between the Organization and the Accreditation Authority for achieving accreditation

43 Copyright (C) The Open Group 2012 Accreditation Program Elements: Policy
- Section 1: Overview
  - 1.1 Introduction
  - 1.2 Terminology – very important for Assessors to refer to this section when in doubt about what a term means. The Assessment Procedures will refer out to these definitions and will include only those definitions that are not defined in the Policy or the Standard.
  - 1.3 Referenced Documents – Assessors should read each of these Reference Documents: (See Next Slide)

44 Copyright (C) The Open Group 2012 Accreditation Program Elements: Referenced Documents
- 1.3 Referenced Documents – Assessors should read each of these Reference Documents:
  - Accreditation Agreement
  - Accreditation Package Document, including the Assessment Report
  - Accreditation Policy (this document)
  - Accreditation Program Guide
  - Accreditation Requirements
  - Assessment Procedures
  - Conformance Statement
  - Conformance Statement Questionnaire
  - Implementation Selection Criteria Application (ISCA) Document
  - O-TTPS Recognized Assessor Agreement
  - The Open Trusted Technology Provider Standard (O-TTPS)
  - Trademark License Agreement

45 Copyright (C) The Open Group 2012 Accreditation Program Elements: Policy
- Section 2: Accreditation Process
- Introduction:
  - Lists all of the parties involved in the Accreditation Program. Assessors should make sure they understand each party’s role (reference section 1.2 for basic definitions):
    - Organization
    - Accreditation Authority (AA)
    - O-TTPS Recognized Assessor and its Assessor(s)
    - Specification Authority
    - Technical Review Board
    - The Open Group Board of Directors
  - Work Flow Diagram (See Next Slide)
- Sections 2.1 – 2.12 define the various steps labeled in the Flow Diagram.
  - Assessors should be familiar with all steps from an operational flow perspective.
  - 2.6 – 2.10: Assessors should have an in-depth understanding of these steps. (They will be covered in more detail in the Assessment Methodology Section.)

46 Copyright (C) The Open Group 2011 Accreditation Program Operational Flow Chart

47 Copyright (C) The Open Group 2012 Accreditation Program Elements: Policy
- Section 3: Conformance
  - This section describes the policies relating to the conformance of the Organization at the time of accreditation and throughout the duration of the accreditation.
- Covers:
  - Scope of Accreditation
  - More than one Scope of Accreditation
  - Accreditation Requirements
  - Conformance Statement

48 Copyright (C) The Open Group 2012 Accreditation Program Elements: Policy
- Section 4: Obligations of Organization
- The Accreditation Agreement (between the Accreditation Authority and the Organization) requires the Organization, to the best of an Organization’s knowledge, to warrant and represent that:
  - Within the Scope of Accreditation, the Organization conforms to the Accreditation Requirements.
  - The Organization agrees to the policies expressed in the Accreditation Policy document.
- This section covers:
  - Achieving Accreditation
  - Maintaining Accreditation during the Accreditation Period
  - Removal of Accreditation

49 Copyright (C) The Open Group 2012 Accreditation Program Elements: Policy
- Section 5: The Open Group Accreditation Logo
- Basics:
  - Once the Accreditation Authority has notified the Organization that it is accredited, and the Trademark License Agreement has been signed, the Organization may use the Accreditation Logo in association with the Organization and its Scope of Accreditation as per the terms specified in the Trademark License Agreement.
  - The Accreditation Logo may be used only on or in relation to the Organization and its Scope of Accreditation
- This section covers:
  - Trademark License Agreement
  - Removal of the Accreditation Logo
  - Reporting Misuse of the Accreditation Logo

50 Copyright (C) The Open Group 2012 Accreditation Program Elements: Policy
- Section 6: Accreditation Register
- Basics:
  - The Accreditation Register is a web-based record of all accredited Organizations and is maintained by the Accreditation Authority. The Accreditation Register contains:
    - Name of the Organization
    - Duration the accreditation is valid before it must be renewed
    - Status of the accreditation, as either current or inactive
    - Version of the O-TTPS against which it is accredited
    - Conformance Statement, includes Scope of Accreditation
    - Pointer to the Organization’s website
- This section covers:
  - Inclusion in the Accreditation Register
  - Deactivate Listing in the Accreditation Register

51 Copyright (C) The Open Group 2012 Accreditation Program Elements: Policy
- Section 7: Alterations to the Scope of Accreditation
- During the Accreditation Period – that is, after initial accreditation and before scheduled re-accreditation or between re-accreditations:
  - If an Organization wants to increase its Scope of Accreditation, the Organization will follow the re-accreditation process specified in Section 8.
  - If an Organization wants to decrease its Scope of Accreditation, and that decrease in scope represents a subset of the previous Scope of Accreditation, it is considered an administrative change. Such changes are addressed in Section

52 Copyright (C) The Open Group 2012 Accreditation Program Elements: Policy
- Section 8: Re-Accreditation
- Basics:
  - Accreditation is valid for three (3) years unless accreditation is subsequently terminated in accordance with Section 4.3.
  - The last day of the Accreditation Period is referred to as the renewal date and represents the date on which the accreditation will by default cease to be valid, unless the Organization begins renewal of the accreditation in accordance with the procedures in Section 8.
- Section 8 covers the following sections:
  - Timeframes for Renewal
  - Re-Accreditation Process
  - Withdrawal of Accreditation Associated with Renewal

53 Copyright (C) The Open Group 2012 Accreditation Program Elements: Policy
- Section 9: Problem Reporting and Resolution
- Basics:
  - During the accreditation process or during the preparation phase, an Organization may encounter a problem that inhibits or will inhibit the accreditation effort.
  - The Organization or any other party involved in the O-TTPS Accreditation Program, including Assessors, may file a Problem Report using the Accreditation Authority’s website to obtain resolution to the issue.
  - The Accreditation Authority is the sole interface with the submitter of the Problem Report, though others will be involved in determining the resolution.
  - The types of problems that may be found include:
    - Errors or ambiguities in the O-TTPS against which conformance is based
    - Errors or ambiguities in the Assessment Methodology
    - Errors in the Accreditation System
  - The Problem Report is used only for the types of errors listed above, those which are inhibiting the accreditation effort.
  - For general questions on the accreditation process, the assessment process, or other problems not covered above, individuals should contact the Accreditation Authority, which can provide assistance on obtaining further information.
  - The Problem Report resolution process allows the Organization to remain anonymous, so pre-accreditation activity is kept confidential.

54 Copyright (C) The Open Group 2012 Accreditation Program Elements: Policy  Section 9: Problem Reporting and Resolution  Basics:  The possible outcomes for Problem Report resolution are:  Accepted as an error or ambiguity in the O-TTPS (an Interpretation) Errors are related to the Standard Party responsible for agreeing the resolution: OTTF  Accepted as an error or ambiguity in the Assessment Methodology (an Assessment Methodology Deficiency). Errors are related to: the Accreditation Policy, the Accreditation Requirements, and the Assessment Procedures. Party responsible for agreeing the resolution: OTTF  Accepted as an error in the Accreditation System (an Accreditation System Deficiency) Errors are related to: the software and hardware information systems and the supporting accreditation documents used in the accreditation process. Party responsible for agreeing the resolution: OTTF  Rejected  The Accreditation Authority will maintain a public web-accessible repository of all submitted Problem Reports, and their associated resolutions  An Organization may cite a resolved Interpretation, Assessment Methodology Deficiency, or Accreditation System Deficiency to address discrepancies or to support its application for accreditation in any other way, irrespective of the origin of the Problem Report. 54

55 Copyright (C) The Open Group 2012 Accreditation Program Elements: Policy  Section 10: Appeals Process  Basics:  Organizations may appeal decisions made by the Specification Authority or the Accreditation Authority.  The occasions that may give rise to an appeal include, but are not limited to, the following: The Organization disagrees with the resolution of a Problem Report. The Organization disagrees with the Accreditation Authority’s grounds for denying the award of accreditation. The Organization disagrees with a formal notification of the need to rectify a non-conformance.  There are two levels of appeal: 1.A Technical Review by the Technical Review Board, which comprises the OTTF Steering Committee 2.A Board Review by The Open Group Board of Directors 55

56 Copyright (C) The Open Group 2012 Accreditation Program Elements: Policy  Section 11: Confidentiality  Basics:  Assessors should read this section to understand the confidentiality terms for Assessor, Organization and the Accreditation Authority.  The Assessor has similar confidentiality terms that they will agree to in the Recognized Assessor Agreement.  Basic Terms (the Policy and the Recognized Assessor Agreement take precedence over anything in this presentation.)  All information relating to an Organization and the declared Scope of Accreditation will be held confidential during the accreditation process; that is, prior to the award of accreditation.  The Assessment Report shall not be disclosed by the Accreditation Authority or the Assessor.  Any other information regarding the Assessment shall not be disclosed publicly, or to any third party, by, or by any party acting on behalf of, the Accreditation Authority, the O-TTPS Recognized Assessor, or its Assessors, without explicit permission by the Organization. 56

57 Copyright (C) The Open Group 2011 Part 5: The Assessment Methodology 57

58 Copyright (C) The Open Group 2012 Assessment Methodology  Overview  Completing and Approving the ISCA Document  Preparing the Accreditation Package Document  The Assessment including Assessment Procedures 58

59 Copyright (C) The Open Group 2012 Assessment Methodology: Phases  The O-TTPS Assessment Methodology includes three major phases:  Completing & Approving the Implementation Selection Criteria Application (ISCA) Document  Involves Accreditation Authority (AA) and Organization  Preparing the Accreditation Package  Involves Organization  The Assessment – must follow Assessment Procedures  Involves Organization and the Assessor 59

60 Copyright (C) The Open Group 2011 Phase 1 of the Assessment Methodology: Completing and Approving the Application of the Implementation Selection Criteria (ISCA) Document 60

61 Copyright (C) The Open Group 2012 Assessment Methodology: Completing/Approving ISCA Document  This phase is between the Accreditation Authority and the Organization. The Assessor will have visibility into and utilize the end results.  The two major objectives of this phase are: 1. To identify, from within the Scope of Accreditation, a set of products that is a representative sample of all of the products from within that scope. An Organization does this by applying a defined set of Selection Criteria to the Scope of Accreditation. 2. To map all of the O-TTPS processes used throughout the product life-cycle of those Selected Representative Products to the O-TTPS Requirements attributes. 61

62 Copyright (C) The Open Group 2012 Assessment Methodology: Completing/Approving ISCA Document  ISCA: An alternative approach to sampling  Instead of:  random samples  fixed rate sampling  A set of five criteria is used to identify a set of sample products that, when assessed end-to-end, are representative of the Scope of Accreditation as a whole.  The number of representative samples is determined by the process of applying the ISC rather than by the superset of products in scope.

63 Copyright (C) The Open Group 2012 Assessment Methodology: Completing/Approving ISCA Document  What are the ISC?  A set of five criteria that research has shown are most likely to result in process variance within an organization. The five criteria are:  Location  Customer base  Supplier base  Technology and complexity  Organization structure

64 Copyright (C) The Open Group 2012 Assessment Methodology: Completing/Approving ISCA Document  ISCA Document:  Completed by the Applicant/Organization  Approved by the Accreditation Authority  Based on rationale and methodology  Confidential  May contain sensitive information  Some of the non-confidential information is transferred to the Accreditation Package Document  The ISCA document as a whole is not shared with the Assessor by the Accreditation Authority

66 Copyright (C) The Open Group 2012 More Details on the ISCA  This phase of the Assessment Methodology does not involve the Assessor, so further details are not part of the training but can be found in the ISCA Document: Pilot Version  The output of this phase (i.e. the approved set of Selected Representative Products and mapping tables) does become part of the Accreditation Package Document and will involve the Assessor. (This is covered in the next section.) 66

67 Copyright (C) The Open Group 2014 Phase 2: Completing the Accreditation Package Document 67

68 Copyright (C) The Open Group 2014 Accreditation Package Document: Overview  The Accreditation Package Document can be found at this link: Pilot Version, and consists of the following:  Selected Representative Product Table (Section 2.1)  from Appendix B of ISCA Document  Attribute to Process Mapping Table (Section 2.2)  from Appendix A of ISCA Document  Evidence Tables (Sections 3 and 4)  Examples and Instructions for Completing the Evidence Tables (Section 3.1)  Evidence Tables - To be Completed by the Organization (Section 4)  Assessment Report (Section 5)  To be completed by the Assessor  Signed off by the Organization  Submitted to the Accreditation Authority

69 Copyright (C) The Open Group 2014 Accreditation Package Document: Selected Representative Product Table  Selected Representative Product Table (Section 2.1) includes:  Product Identifier (Number) and a precise description of each of the Selected Representative Products approved by the Accreditation Authority as reasonably representative with respect to the Organization’s Application of the ISC and their Scope of Accreditation.  The numbers allow the Selected Representative Products to be referred to in short form within the tables.  There is no fixed number of representative products so the number will vary for each accreditation.  This table will have been completed in the ISCA Document. Once the ISCA document has been approved by the Accreditation Authority, the completed tables will be incorporated into this section of the Accreditation Package Document by the Organization – the Accreditation Authority will then need to verify it is accurate.  The following slide contains an example of a Representative Product Table.

70 Copyright (C) The Open Group 2014 Accreditation Package Document: Selected Representative Product Table 70

71 Copyright (C) The Open Group 2014 Accreditation Package Document: Attribute to Process Mapping Table  Attribute to Process Mapping Table (Section 2.2) Includes:  A list of each O-TTPS attribute and the corresponding O-TTPS processes, which provide the evidence that the attribute has been instantiated in the Organization’s operational practices.  A Unique Process ID/Name, which enables the process names to be referred to in short form within the tables.  This Table:  is intended to provide background information to the assessor on how the processes referenced within the Evidence Table relate to the O-TTPS Requirement.  will have been completed in the ISCA Document. Once the ISCA document has been approved by the Accreditation Authority, the completed tables will be incorporated into this section of the Accreditation Package Document by the Organization.  The Assessor should use this table:  As an initial cross-check to assure that the process related evidence tables have been completed correctly – for internal consistency.  To verify that each and every process in this Attribute Process Mapping table appears in the Evidence Tables associated with its related attribute.  The Assessor will also need to check the Evidence Tables to make sure there were no processes mentioned that did not appear in the Process Mapping Table.  The following slide contains an example of an Attribute to Process Mapping Table.

72 Copyright (C) The Open Group 2014 Accreditation Package Document: Attribute to Process Mapping Table 72

73 Copyright (C) The Open Group 2014 Accreditation Package Document: Further Details on Attribute to Process Mapping Table  The following slide contains an Attribute to Process Mapping Table with each field labeled – Each field has a descriptor in the subsequent slide – See Section 3.1 of the Accreditation Package Document Template.

74 Copyright (C) The Open Group 2014 Accreditation Package Document: Evidence Table (Sec 3.1) 74

75 Copyright (C) The Open Group 2014 Accreditation Package Document: Key to Evidence Table Fields (3.1)  Field (1): The unique O-TTPS Accreditation Requirement number, taken from the O-TTPS Accreditation Requirements Document  Field (2): The requirement text, taken from the O-TTPS Accreditation Requirements Document  Field (3a): The list of required types of process evidence for each Accreditation Requirement (see Assessment Procedures)  Field (3b): The list of suggested/recommended types of implementation evidence (see Assessment Procedures)  Field (4): The unique process ID assigned by the Organization as in table A-1 of this template  Field (5): The list of Selected Representative Products as defined in the “Selected Representative Product Table” in Table 1 of this template.  Field (6): This field is to be filled in by the Organization with information identifying, by name, the evidence of conformance for the requirement in question. Typically it is a document name, but it may be any descriptor, as long as the description tells the Assessor where to find what needs to be looked at during the Assessment. Basically this is a high level index into the submitted material. Typically this will be a unique path/filename that identifies the evidence within the submitted file-container.

76 Copyright (C) The Open Group 2014 Accreditation Package Document: Key to Evidence Table Fields (Sec 3.1)  Field (7): This field contains a brief supporting description that the Organization feels will assist the Assessor.  Field (8): This field is for narrowing the field of submitted material by allowing the Organization to indicate as explicitly as possible where, within the evidence referenced in Field 4, conformance can be demonstrated. This field impacts the assessment efficiency. For example, if the Assessor is pointed to a several hundred page document, most of which is irrelevant to the requirement, then much time will be wasted reading irrelevant material. This is the Organization’s opportunity to narrow down the scope of the submitted material to what the Assessor really needs to see to confirm conformance with the requirement. Basically this is a secondary level index into the submitted material.  Field (9): This field is for the Assessor only. The Assessor may choose to record their findings in this column throughout the Assessment Process; however, the Assessor must record their findings in this column prior to submitting the completed Final Accreditation Package Template to the Accreditation Authority. (See Assessment Procedures.)  Field (10): The Organization completes the list of processes taken from table A-1 and provides details of the evidence file name(s) to the Assessor.  Field (11): The Organization lists product specific implementation evidence of conformance for each Selected Representative Product identified in Field (5).

77 Copyright (C) The Open Group 2014 Phase 3: The Assessment 77

78 Copyright (C) The Open Group 2014 Assessment: Assessment Procedures  Some of the Basics:  This document defines the procedures that must be followed by an Assessor when conducting an O-TTPS Accreditation Assessment.  The primary audience for this document is the Assessor; however, an Organization that is undergoing assessment needs to understand the requirements for accreditation in more depth, so it may also find this document useful.  Operational Steps – also see flow chart on following slide:  AA Updates the Accreditation Package Document  Organization Engages an O-TTPS Recognized Assessor  Organization Submits Accreditation Package to Assessor  Assessor Reviews Evidence/Communicates Observations  Exiting the Assessment Process Accreditation Recommended Potential revised Scope of Accreditation  Assessor Completes the Assessment Report  AA Reviews the Assessment Report

79 Copyright (C) The Open Group 2014 Assessment Process Flow Chart

80 Copyright (C) The Open Group 2014 The Assessment: Assessment Procedures  The Assessor must make themselves familiar with these procedures. The activities expected of Assessors are described in this document.  Appendix A contains general guidelines for the Assessor that should be read, understood and followed during an Assessment.  Appendix B contains additional specific guidelines for the Assessor, arranged in table format with specific guidelines for assessing each of the O-TTPS Requirements.  Appendix C contains information on how the Assessor records observations in the Accreditation Package Template and completes the Assessment Report. 80

81 Copyright (C) The Open Group 2014 Assessment Procedures General Guidelines (Appendix A)  BASICS: General Guidelines that must be followed during the assessment:  The Evidence of Conformance, demonstrating the existence of a process and the implementation of a process provided by the Organization shall meet the following requirements:  There are two categories of evidence required: process and implementation.  For process evidence the types of evidence/artifacts listed in this document and in the ISCA Template Appendix B, are required.  For implementation evidence, that is evidence that shows the process has been applied to the Selected Representative Products, the types of evidence/artifacts listed in this document are suggested/recommended types of evidence  The implementation evidence shall be related to the Selected Representative Products.  The implementation and process evidence provided must be sufficient to demonstrate conformance to the requirement.  The evidence provided should cover the period of time for which the claimed process has been implemented for the Selected Representative Product. 81

82 Copyright (C) The Open Group 2014 Assessment Procedures General Guidelines Continued…  The Assessor must maintain a log of their activities, which will be made available to the Accreditation Authority upon request, such that the Assessment is able to be repeated.  The log should contain supplementary information about the Assessment Method used for each requirement such as:  Who was interviewed (names and roles), on what topic, what evidence was reviewed, evidence identifier as indicated in the evidence tables, date and location of the interview, whether the location was physical or virtual.  Internal audit or Assessment reports are acceptable types of evidence for all requirements as long as they meet certain criteria (see A.2).  There are other General Guidelines in Appendix A; this slide set only captures the major guidelines that must be followed. It is the Assessor’s responsibility to review and understand anything included in Assessment Procedures. 82

83 Copyright (C) The Open Group 2014 Assessment Procedures Specific Guidelines (Appendix B)  BASICS:  This Appendix provides specific Assessor activities for each Accreditation Requirement. The tables in this section are arranged as follows:  There is an overall heading for each Attribute, which includes the name and acronym for the Attribute and where in the Standard the Attribute and associated requirements can be found. Under each Attribute heading there are tables for every O-TTPS Requirement associated with that Attribute.  The requirement tables contain the acronym for the O-TTPS Requirement along with the exact wording of the O-TTPS Requirement. Each table also includes the following fields:  Assessment Type: indicates whether the evidence of conformance to be provided/assessed is: Process Evidence or Implementation Evidence or both.  Related Requirements: indicates which other Accreditation Requirements should be considered in the assessment of this requirement  Specific Guidelines: provides additional guidance for the specific requirement – if any.  Evidence of Conformance: Process Evidence: Indicates the types of process evidence that must be provided for each requirement Implementation Evidence: Indicates the types of implementation evidence that are suggested/recommended 83

84 Copyright (C) The Open Group 2014 Assessment Procedures: Specific Assessor Guidelines: Includes one table for every requirement – See Appendix B. The Assessor should consult these tables for every requirement to assure they are following the procedures.

85 Copyright (C) The Open Group 2014 Assessment Procedures: Recording Assessment Findings (Appendix C): The Assessor must record their comments in the last column of the Accreditation Package Document. See next slide for details.

86 Copyright (C) The Open Group 2014 Assessment Procedures Recording the Assessment Findings  The table in the previous example is from the Accreditation Package Document, which will initially be completed by the Organization with information on where the Assessor can find the applicable Evidence of Conformance for each item/row.  The last column “Assessor Comment” is where the Assessor will record their assessment findings for each item in the table.  The Assessor may use this table to record and revise their findings throughout the Assessment process should they choose to, but they must record their final findings in the Assessor Comment Column in the Final Accreditation Package Document before submitting it to the Accreditation Authority. 86

87 Copyright (C) The Open Group 2014 Assessment Procedures Recording the Assessment Findings  During the Assessment, if the finding is that the evidence provided indicates conformance, the Assessor will indicate this by completing the mandatory Assessor Comment Column.  The minimum content of the Assessor Comment Column for each requirement is:  Date conformance was established  Assessor or assessor(s) responsible for the specific finding  Evidence assessed (which of the recommended types of implementation evidence was examined, or if alternative evidence was considered why it was determined to be equivalent).  Assessment method employed (e.g. documentation audit, direct inspection, face-to-face interview, web conference, interview conference call, photograph inspection, video recording, on-line system audit.)  Rationale for PASS (NOTE: not sure what form this would be yet as it’s likely to be requirement by requirement in some cases or default in others, hopefully we will find out in the pilot). 87

88 Copyright (C) The Open Group 2014 Assessment Procedures Completing the Assessment Report  The final step is to complete the Assessment Report, which is part of the Assessment Package Document. The Assessor completes all of the fields, with the information described in the following slide and submits it to the Accreditation Authority.  The Organization must sign-off on the Report before submitting it to the Accreditation Authority.  The next slide describes the Assessment Report fields to be completed. 88

89 Copyright (C) The Open Group 2014 Assessment Procedures: Assessment Report – See Appendix C – Section 3. The Assessor must complete these fields and submit the Assessment Report to the Accreditation Authority.

90 Copyright (C) The Open Group 2014 Part 6: Recognized Assessor Agreement 90

91 Copyright (C) The Open Group 2014 O-TTPS Recognized Assessor Agreement  Definition of Terms:  O-TTPS Recognized Assessor:  A company that has met the O-TTPS Recognized Assessor criteria defined in the O-TTPS Recognized Assessor Agreement, has entered into the O-TTPS Recognized Assessor Agreement with the Accreditation Authority, and makes available Assessors to perform Assessments of Organizations for the purpose of O-TTPS accreditation.  NOTE: This is the “Company”, not the individual or team of individuals performing the Assessment.  Assessor:  An individual or team of individuals within an O-TTPS Recognized Assessor organization who meets the criteria for performing Assessments for the O-TTPS Accreditation Program as specified in the O-TTPS Recognized Assessor Agreement and may perform Assessments of an Organization’s Scope of Accreditation.  The O-TTPS Recognized Assessor Agreement  Agreement between the O-TTPS Recognized Assessor (company) and The Open Group  The agreement: Specifies criteria that must be met by the company in order to be listed on the O-TTPS Recognized Assessor Registry – maintained by The Accreditation Authority – and to be granted the use of the O-TTPS Recognized Assessor Trademark. Specifies criteria that must be met by the Assessor(s) employed by the company in order to perform O-TTPS assessments. Specifies terms and conditions to be met by The O-TTPS Recognized Assessor, the Assessors, and The Open Group. 91

92 Copyright (C) The Open Group 2014 O-TTPS Recognized Assessor Agreement  The Agreement takes precedence over anything in these slides. It’s the responsibility of Assessor and Recognized Assessor Organization to understand and abide by ALL the terms in the Agreement. These training slides are only to increase awareness.  Eligibility: O-TTPS Recognized Assessor warrants that:  In performing O-TTPS Assessment activities, it operates an accredited/certified management system for organizational processes including documentation management and record control, personnel training, resource management, internal auditing and preventive and corrective actions.  It is, and will continue to be updated throughout the term of this Agreement, accredited/certified in at least one of the following standards that are acceptable for demonstrating this requirement to The Open Group:  ISO/IEC 17020:2012: Conformity Assessment – Requirements for the operation of various types of bodies performing inspection,  ISO/IEC 17021:2011: Conformity Assessment – Requirements for bodies providing audit and certification of management systems,  ISO/IEC 17025:2005: General requirements for the competence of testing and calibration laboratories,  Its accreditation/certification was obtained and will continue to be obtained from a certification body that itself is accredited by one of the recognized, internationally approved accreditation authorities operating under the mutual recognition agreements of the International Accreditation Forum (IAF), the International Laboratory Accreditation Cooperation (ILAC) or IQNet. 92

93 Copyright (C) The Open Group 2014 O-TTPS Recognized Assessor Agreement  The Agreement takes precedence over anything in these slides. It’s the responsibility of Assessor and Recognized Assessor organization to understand and abide by ALL the terms in the Agreement. These training slides are only to increase awareness.  Assessor Activities and Assessment Procedures:  Assessor shall perform the Assessment(s) in accordance with the O-TTPS Assessment Procedures that are found at accred.opengroup.org.  O-TTPS Recognized Assessor shall have written procedures regarding the performance of O-TTPS Assessments, which instantiate the O-TTPS Assessment Procedures. Such written procedures, and any updates as necessitated and advised by the Accreditation Authority, must be made available for review by the Accreditation Authority, on request.  Personnel, Qualifications, and Training: In order to perform assessments for the O-TTPS Accreditation Program, O-TTPS Recognized Assessor shall ensure that its Assessors (employees and/or contractors) performing Assessments on its behalf have the experience, knowledge, and training in the O-TTPS Standard, Accreditation Policy, and all the technical areas of the O-TTPS. These include the following criteria, satisfaction of which O-TTPS Recognized Assessor shall attest in writing to the Accreditation Authority:  Have been trained and have a minimum of 2 years’ experience in performing process audits or assessment of process conformance to standards based upon review of process documentation and associated records of process implementation.  Acceptable training and certifications are:  ISO 9001 lead auditor  ISO/IEC lead auditor  CMMI-DEV appraisers  ISO/IEC or Common Criteria evaluator with experience in evaluating life-cycle assurance requirements  An ISO/IEC or FIPS tester with experience in testing the process requirements of that standard  Have sufficient knowledge of:  Supply chain management terminology and techniques  Technical knowledge of O-TTPS Attributes:  Education and training on these topics should be included in the Assessor personnel’s training record.  The O-TTPS Attribute areas (See Section 4 of the O-TTPS for the Attributes)  Have successfully passed The Open Group Assessor examination covering the O-TTPS Standard and Accreditation program. 93

94 Copyright (C) The Open Group 2014 O-TTPS Recognized Assessor Agreement  The Agreement takes precedence over anything in these slides. It’s the responsibility of Assessor and Recognized Assessor organization to understand and abide by ALL the terms in the Agreement. These training slides are only to increase awareness.  Conflicts of Interest:  In order to be able to conduct Assessments free of any conflicting interests that might affect its conclusions, O-TTPS Recognized Assessor shall have a written policy that:  Maintains separation between personnel performing Assessment activities and any personnel performing consulting for the same Organization for the same accreditation; and  Ensures the O-TTPS Recognized Assessor is independent of any ownership, leadership, or joint business endeavor with the Organization they are assessing.  Confidentiality: The O-TTPS Recognized Assessor and the Accreditation Authority will hold confidential:  During the accreditation process, prior to the award of accreditation, all information relating to an Organization and the declared Scope of Accreditation;  The Assessor’s findings recorded in the Accreditation Package Document, including the Assessment Report and any documents submitted by the Organization  Any information regarding unsuccessful attempts for accreditation  Information regarding the details of the assessment process shall not be disclosed publicly, or to any third party other than the Organization by the Accreditation Authority, or the O-TTPS Recognized Assessor, or any party acting on the Accreditation Authority’s or the O-TTPS Recognized Assessor’s behalf. In addition, the Accreditation Authority and the O-TTPS Recognized Assessor will always hold confidential any information regarding unsuccessful attempts for accreditation. 94

95 Copyright (C) The Open Group 2014 O-TTPS Recognized Assessor Agreement  The Agreement takes precedence over anything in these slides. It’s the responsibility of Assessor and Recognized Assessor organization to understand and abide by ALL the terms in the Agreement. These training slides are only to increase awareness.  Confidentiality Continued:  Each party further agrees to disclose Confidential Information only to its employees or contractors whose services are required in furtherance of the Purpose of this Agreement, and to require each of its employees and/or contractors to comply with the terms of this Agreement prior to the disclosure of such Confidential Information to them.  Limitation of Use. Each party shall use Confidential Information only in connection with the furtherance of the O-TTPS Accreditation Program and shall make no further use, in whole or in part, of any such Confidential Information. 95

96 Copyright (C) The Open Group 2014 O-TTPS Recognized Assessor Agreement  The Agreement takes precedence over anything in these slides. It’s the responsibility of Assessor and Recognized Assessor organization to understand and abide by ALL the terms in the Agreement. These training slides are only to increase awareness.  O-TTPS Recognized Assessor Trademark  By signing this Agreement, O-TTPS Recognized Assessor confirms that it has read, understood and agrees to the terms and conditions of the Trademark License Agreement (“TMLA”) and warrants that it shall use the Trademark therein described only in connection with its role as an O-TTPS Recognized Assessor in the Accreditation Program  Re-qualification  O-TTPS Recognized Assessor agrees to re-qualification of their company as an O-TTPS Recognized Assessor every three (3) years. 96

97 Copyright (C) The Open Group 2014 For further Questions on the Training Material and Exam please contact The O-TTPS Accreditation Authority 97

