How to Apply for Certification

Certification is currently available for the Open Trusted Technology Provider™ Standard (O-TTPS) Version 1.1 and the technically equivalent ISO/IEC 20243:2015.

When an Organization is considering applying for certification, they need to consider which tier of the O-TTPS Certification Program they will choose: The Third-Party Assessed tier or the Self-Assessed tier. The Third-Party Assessed tier requires the applicant to use an O-TTPS Recognized Assessor to assess evidence of conformance that is supplied by the applicant. For the Self-Assessed tier, the applicant completes the assessment independently and is not required to use an O-TTPS Recognized Assessor, though may choose to utilize the assistance of a third-party assessor in determining conformance.

If you are an organization that wants to become an certified Open Trusted Technology Provider™ you need to take the following steps:

Preparation

  1. Prepare for Certification by reading the following documents:

For the Self-Assessed Certification Tier

  1. Contact the Certification Authority via email to register your intent to be certified. You will need to provide Certification Contacts, who are the various individuals within the Organization who are the points of contact for certification. You will need to provide contact information for the following contact roles:
    1. Authorized Signatory - the person who has overall responsibility for the certification activity for your Organization and who is authorized to enter into legal commitments on behalf of the Organization.
    2. Primary Certification Contact - the individual who is the primary contact for all certification activity and issues across your Organization.
    3. Alternate Certification Contact (optional) - a person who is an alternate to the Primary Certification Contact and who has the same rights and responsibilities for certification.
    4. Organization Finance Contact - your Organization's primary contact for payment or invoicing issues related to certification.
    5. Organization Marketing Contact (optional) - the individual to contact for any certification related marketing issues.
  2. Download and complete the Conformance Statement, which includes declaring your Scope of Certification. Submit the completed Conformance Statement to the Certification Authority via email. To assist with filling out this document, please download and review the Self-Assessed Guidance document.
  3. Submit the applicable certification fee to the Certification Authority. The Certification Authority will advise on how to pay the fee.
  4. Complete the assessment.
  5. Download, print, sign, and return the Certification Agreement and Trademark License Agreement to The Open Group legal department for their review and countersignature.
  6. The Certification Authority will review the entire applicant submission and notify the Organization in writing of the outcome of the certification process.
  7. If successful the Certification Authority will issue the Certification certificate and update the Certification Registry.

 

For the Third-Party Assessment Tier

Registration

  1. Contact the Certification Authority via email to register your intent to be certified. You will need to provide Certification Contacts, who are the various individuals within the Organization who are the points of contact for certification. You will need to provide contact information for the following contact roles:
    1. Authorized Signatory - the person who has overall responsibility for the certification activity for your Organization and who is authorized to enter into legal commitments on behalf of the Organization.
    2. Primary Certification Contact - the individual who is the primary contact for all certification activity and issues across your Organization.
    3. Alternate Certification Contact (optional) - a person who is an alternate to the Primary Certification Contact and who has the same rights and responsibilities for certification.
    4. Organization Finance Contact - your Organization's primary contact for payment or invoicing issues related to certification.
    5. Organization Marketing Contact (optional) - the individual to contact for any certification related marketing issues.
  2. Download, print, sign, and return the Certification Agreement and Trademark License Agreement to The Open Group legal department for their review and countersignature.
  3. Determine the specific Scope of Certification that you wish to have certified.
  4. Submit the applicable certification fee to the Certification Authority. The Certification Authority will advise on how to pay the fee.

Completing the Conformance Statement and ISCA

  1. Download and complete the Conformance Statement, which includes declaring your Scope of Certification. Submit the completed Conformance Statement to the Certification Authority via email.
  2. Download the Implementation Selection Criteria Application (ISCA) Document. Complete the document per the instructions within the document and submit it to the Certification Authority via email.

    The objective of this activity is to identify a subset of products within the Scope of Certification that is representative of the full Scope of Certification and the O-TTPS processes utilized within the Scope. All Selected Representative Products will be assessed by an O-TTPS Recognized Assessor for conformance to the O-TTPS Conformance Requirements.

Certification Authority Review

  1. The Certification Authority must approve both the Conformance Statement, which includes the Scope of Certification, and the ISCA Document, which includes the Selected Representative Products, before you can move forward in the Assessment process. Once approved you may move onto the next step.

Assessment

  1. If you have not already done so, you need to choose an O-TTPS Recognized Assessor company from the register of O-TTPS Recognized Assessors to perform your Assessment.
  2. Inform the Certification Authority which O-TTPS Recognized Assessor company has been engaged.
  3. You need to download the Certification Package Document and then incorporate – from the completed and approved ISCA Document - the declared Scope information from Section 2 and the tables from Appendix A.
  4. Assemble the Certification Package, which includes the completed Certification Package Document along with the Evidence of Conformance. The Certification Package Document contains a table for each requirement. You must supply pointers to the evidence that demonstrates conformance to each requirement for every Selected Representative Product.
  5. Once the Certification Package has been assembled, you submit it to the O-TTPS Recognized Assessor you have chosen.
  6. The Assessor assesses the Certification Package Document and the Evidence of Conformance it references. Applying the Assessment Procedures, the Assessor determines whether the evidence provided demonstrates the Organization's conformity to the Conformance Requirements for each of the Selected Representative Products.
  7. Once the Assessor has completed the Assessment and finished the Assessment Report, which is included in the Certification Package Document, a representative of your Organization and the Assessor both need to sign the Assessment Report.
  8. The Assessor submits the updated Certification Package Document, including the Assessment Report, to the Certification Authority.

Completion of Certification

  1. The Certification Authority reviews the completed Certification Package Document including the Assessment Report for completeness and consistency across applications. Once the Assessment Report is approved you may move onto the next step.
  2. If you have not previously completed a Trademark License Agreement for use of the Certification Logo, it must be completed at this stage. Download the Trademark License Agreement, sign it and return to the Certification Authority.
  3. The Certification Authority will notify the Organization in writing of the outcome of the certification process.
  4. If successful the Certification Authority will issue the Certification certificate and update the Certification Registry.