In-House Certification Programs
In order to validate employees’ knowledge, skills and proficiency, organizations employ many different techniques. In-house certifications are often developed to fulfill a need within the organization. For example, an organization might be inclined to develop a certification to improve the quality and consistency of customer service. Certifications might be developed to improve security measures against ever-increasing threats from hackers. Or they might simply be employed to reduce the potential for mistakes made on the job—that’s assuming that certified individuals are, on average, more qualified than those who are not certified.
At Countrywide Financial Corp., a leading mortgage and financial-services provider, the push for developing in-house certifications spawned from efforts to uphold the many security and compliance standards required for financial institutions. For Countrywide Financial Executive Vice President and Chief Technology Officer Joe DiDonato, who is responsible for educating Countrywide Financial’s 4,500-plus IT professionals, adding security certifications to the IT curricula for the various job roles will ensure employees continue to meet set standards such as Sarbanes-Oxley (SOX), the Gramm-Leach-Bliley Act (GLB) and the Federal Information Security Management Act (FISMA).
“Security is part of every employee’s job—whether employed in IT or elsewhere in the organization. We get many thousands of attempts to break into our environment on a monthly basis that we are on guard against. We face tremendous fines for any lost customer data,” DiDonato explained. “Although training concerning security and compliance standards is woven in the fabric of almost all training, we wanted to build a certification program, called the Data-Shield project, to ensure that no one leaves back doors of applications open and defenseless. We must ensure that data and applications are secure, that firewalls are impenetrable, etc.”
DiDonato is still in the process of developing the in-house security certifications; however, he said that the certifications would be tied to job roles rather than simply to the technologies used in a job role. “For example, a DBA certified in the Data-Shield project would use various tools for data layering for capacity planning and so forth, so it isn’t just a single technology like being certified in Oracle, they are dealing with the environment that is there,” he said. “We go out, use an advisory board that goes across all of our operations that defines what those roles are and we create optional certification tracks for all of those because even within our company, the environments vary from division to division. So we are very division specific, very job-role specific as it applies to our various environments that we support. There is no averaging, there is no one technology because in any given job role employees may encounter 10, 15 different technologies that are used during day-to-day operations.” In fact, at Countrywide Financial more than 1,400 different business-critical technologies and applications are used on a day-to-day basis.
Similarly, Cingular Wireless, one of the largest wireless service providers in the United States, launched an in-house professional certification program in 2005 to certify the company’s more than 6,000 IT workers by job role incrementally. Shailesh Grover, senior director of IT methods, processes and quality for Cingular, said the ITMaP Professional Certification program revolves around the IT organization’s 19 Wireless Unified Process (WUP) disciplines and is used to enable employee growth, drive change and achieve quality results. The 19 WUP disciplines range from release management to analysis and design to software quality assurance to configuration and change management.
Cingular has three primary certification categories: role-based certification, project/release-based certification and delivery tower-based certification. Each of these categories has three levels of certification—bronze, silver and gold—that are based on required competencies.
According to Grover, Cingular IT’s goal is to support the business by developing high-quality customer service products, which enable customer growth and satisfaction and certification helps us drive change and achieve quality results. For DiDonato, the Data-Shield project will ensure that every Countrywide IT professional understands how to manage data at the various stages it appears in applications.
“We need to ensure that everyone who would ever come near an application would know how to deal with the data at the various stages it appears. So there is data sitting at rest, there is data sitting in transport, there’s data being manipulated in applications, and safe guarding that from the many hacking attempts is vital,” DiDonato said.
Most organizations validate employees’ skills—whether it is by requiring that job candidates hold vendor-neutral or vendor-specific certifications or by requiring that employees to take in-house certifications or both. Regardless of the technique employed, organizations validate their employees’ skills because the overall success of the business depends on their performance.