TI Process

Certification

	Summary  Registration  Accreditation  Certification

 
Since the 1st of September 2010, certification is the next step in the TI Team Maturity model. Certification is meant for those TI Accredited teams who have internal and/or external reasons to have their maturity level gauged in an independent way.

A candidate for TI Certification is already a TI Accredited team in good standing - i.e. fulfilling their accreditation obligations for at least eight months and not being under special review by the TI Review Board - and will have attended at least one TI Accredited Teams Meeting.

The gauge used is the SIM3 model, which stands for Security Incident Management Maturity Model. SIM3 describes 50 parameters, divided over the categories organisation, human resources, processes and tools. Scoring is on five levels, ranging from "0", which means it is not available, to "4", which means that the parameter is not only described (on level "2") and rubber-stamped (on level "3") but also part of an audit process. The actual certification gauging involves required distinct minimum levels for each of the 50 parameters.

When the certification succeeds, the team can show this to their constituents, to their funding bodies, to other parties or teams they want to cooperate with. The certified teams are and stay part of the community of TI Accredited teams - the certification is in fact extra branding, useful for all sorts of purposes in the near future.

The TI Certification can take from 3 to 12 months, depending on the amount of work the team needs to do to meet the requirements, and depending on the priority attached to that improvement process. To date, four teams have been certified: GOVCERT.NL, SWITCH-CERT, TS-CERT and CERT-SE. Three other teams are in the process.

To know more about certification ask the TI team.