Government Involvement: This Could Be Good
People from Utah generally don’t like government interference in anything. We are pretty independent that way. Most of us are Republicans, believing that less government is good government. My brother-in-law, a prominent U.S. senator and Democrat, likes to joke that the number of Democrats in Utah doubles whenever he comes to visit. I’ve not been able to find the other one.
Of course, all of that is a little exaggerated. Even in Utah we appreciate the contribution of government to many aspects of our lives. And not just in Utah. Recently, I’ve learned of a specific situation where I think federal government involvement is proper and beneficial to the IT certification community.
The Department of Defense now has a policy regarding the hiring of individuals with information security (also called information assurance) IT certifications only if those individuals have received those certifications from accredited programs. The Department of Homeland Security and other government agencies that deal with IT security issues may follow suit. One of the logical steps, in my opinion, will be to include all IT certifications in the policy, not just those that deal with security.
Corporations will probably follow the lead of the government agencies, having more confidence in a certification from an accredited program than from one that isn’t.
So, let’s be a little clearer on the concept of accreditation. As a term, it is analogous to certification, except that it applies to organizations, institutions and programs, rather than people. A certification program can be accredited if it passes certain standards—a test of sorts. A certification candidate can be certified if he or she passes an actual certification test.
The Department of Defense wants IT certification programs to be accredited to show that they have adhered to important standards. Those standards will make sure that the professionals who achieve certification are knowledgeable and skilled. The department, like any other hiring organization, is tired of hiring IT professionals who are certified, but cannot perform as advertised. I don’t blame them. Criticisms on the quality of certifications have always dogged IT certifications, even if unjustified most of the time. The Defense Department believes, correctly, that requiring accreditation will lift the quality of IT certification programs. I believe it too.
What standards are we talking about here? The standards cover a number of important areas, from proper ways to manage a certification program to building valid exams. They cover the protection of candidate data, as well as setting appropriate passing scores. And there are many, many more, but they aren’t so many or so difficult that the accreditation is a barrier. In fact, one IT organization has already been accredited.
The particular standards the Department of Defense wants to use for accreditation are those established by the International Standards Organization for certification bodies. The accreditation is actually administered for U.S. programs by the American National Standards Institute (ANSI). Today, a program accredited by ANSI would be the only IT program accreditation accepted by the Defense Department.
To boil it all down to personal terms, if any of you want to work for the government in the future, you will need to be certified by specific programs that are following standards high enough to obtain accreditation. If you haven’t realized it yet, that’s actually good news for you. Hopefully, this trend toward accreditation will increase the level of professionalism in certification programs. And with that professionalism come better benefits for you and better exams. Programs will make greater efforts to protect the security of the tests, making sure that individuals don’t receive a certification when they don’t deserve it. The certification you obtain will naturally have greater respect in the business community, and your chances of landing great jobs, getting raises or being promoted will go way up. That’s not a theory—it’s a reality.
Of course, program fees may rise, including testing prices, to pay for the necessary improvements. That’s a small price to pay if the expected benefits come through.
It’s important to recognize and applaud the efforts of the International Information Systems Security Certification Consortium (ISC)2. This organization has successfully achieved the ANSI accreditation for the Certified Information Systems Security Professional (CISSP) credential, being the first IT certification to do so. A press release describing the achievement can be found at www.isc2.org/cgi-bin/content.cgi?page=1005.
There are several programs that have already applied, so I think we’ll have some more accredited certifications to choose from. If you get a chance, please encourage whichever program you are working with to apply. This is good news for all of us.
David Foster, Ph.D., is president of Caveon (www.caveon.com) and is a member of the International Test Commission, as well as several measurement industry boards.