Certification:
Management system certification / Voluntary assessment
Basis of certification:
International standard ISO/IEC/IEEE 23026
Standard owner:
ISO International Organization for Standardization
WHAT DOES THE ISO/IEC/IEEE 23026 STANDARD DEFINE?
ISO/IEC/IEEE 23026:2015 defines system engineering and management requirements for the life cycle of websites, including strategy, design, engineering, testing and validation, and management and sustainment for Intranet and Extranet environments.
WHAT DO “CERTIFICATION” OR THE ISSUE OF A CERTIFICATION MARK ACCORDING TO ISO/IEC/IEEE 23026 BY TÜV SÜD SOUTH ASIA PVT. LTD. MEAN?
- The customer has submitted to voluntary assessment (audit) according to defined criteria (certification standard).
- A certificate and/or the authorization to use a certification mark are only issued if the assessment (audit) does not reveal any major nonconformities with the requirements of the relevant standard.
- Certificates and/or certification marks are valid for a restricted period of time. Interested parties can check the validity of individual certificates in the certificate database.
- To maintain certificate validity, the certificate holder must complete and successfully pass annual Surveillance assessments (audits).
HOW IS THE ASSESSMENT/AUDIT PERFORMED?
Independent and qualified experts (auditors) apply the following auditing techniques:
- Document review:
- To Review the system documentation prepared by the client.
- To check User documentation for systems and software
- Life-cycle documentation for systems and software engineering projects.
- Documentation of policies, plans, and procedures for IT service management
- To collect, evaluate & verify the information regarding scope, objectives of the organization, related statutory and regulatory aspects, internal audits, performance data and risk associated.
- To review client’s status & understanding regarding requirements of standard.
- To review the allocation of resources for conformation assessment / audit and agree with the client on the details of the audit.
- To ensure appropriate planning by gaining sufficient understanding of the client’s management system and operations.
- This audit shall identify concerns that could affect the subsequent conformation assessment / audit.
- On-site audit:
- To assess the process of website development
- To check the Operation & Maintenance effectiveness of informational websites management.
- To check the web opereation management, relevant & timely information, Information security management
- To assess the Public & Limited access management
- System effectiveness with respect to documentation
- Criticality & Number of deviations
- Effect of deviations observed on the control effectiveness
WHAT IS BEYOND THE SCOPE OF CERTIFICATION ACCORDING TO THE ISO/IEC/IEEE 23026 STANDARD?
- Applies to all management-system certifications: This certification does not constitute product certification. Certification thus does not provide any direct statements on the quality of a product or service of the certified customer.
- Certification according to ISO/IEC/IEEE 23026 does not mean that the company manufactures products or provides services of higher quality.
- Certification according to ISO/IEC/IEEE 23026 does not mean that the company websites for systems, software, and services information cannot be lost, cannot be unlawfully altered.
- A certification does not confirm that the technical and organizational measures taken by the company of systems and software engineering are functioning without errors.
