I have received an inquiry about TOSCA certification. My contact is interested in TOSCA-based orchestration but would like his vendors to present some sort of certification to demonstrate that they are compliant with the TOSCA standard. Specifically, they are looking for the following:
- Technical Evidence for Certification: List technical elements that need to be available to initiate the certification process (e.g., dedicated testbed, tools, source code, VPN access, test accounts, etc.).
- Documentation Needed for Certification: documents or evidence needed for certification (e.g., architecture documentation, security audits), that need to prepared in advance.
- Certification steps: steps needed to carry out the certification process from not certified to certified (Preliminary Processes, Preparation, Application Audit/Assessment/Evaluation, Certification Decision)
- Estimated duration and cost of the certification process
- Certification Maintenance: how certificates will be maintained during the evolution of a product, when there are major changes, when the certificate expires, or when other major product life-cycle events occur.
- Dependency on Other Certifications: certification may be dependent on other certifications. List, if any, other certifications that need to be achieved before beginning the certification process (e.g., ISO dependencies for W3C standards).
Does anyone have any experience setting up certification processes? Any feedback and/or input would be greatly appreciated.
Thanks, and best regards,
Chris