TERMS OF REFERENCE FOR CERTIFICATION BODIES (CBs)




TERMS OF REFERENCE FOR CERTIFICATION BODIES (CBs) AUGUST 2014

1. Introduction

The National Information Technology Authority (NITA-U) was established by an Act of Parliament (National Information Technology Authority, Uganda Act of 2009) and was operationalized in 2010. The Authority was charged with an overall mandate to coordinate, promote and monitor the development of Information Technology (IT) in the context of the social and economic development of Uganda.

Among the main functions of the Authority, section 5(f) of the NITA-U Act 2009 mandates NITA-U to set, monitor, regulate and enforce standards for Information Technology hardware & software planning, acquisition, implementation, delivery, support, organization, sustenance, disposal, risk management, data protection, security and contingency planning.

In order to promote standardization across the IT Industry in Uganda, NITA-U is in the process of implementing the Accreditation and Certification Framework (ACF). The Framework is intended to be used to Certify and Accredit IT Service Providers, IT training, IT Professionals and IT Products (Hardware and Software) with a view to ensuring quality delivery of IT Services to the citizens of Uganda.

NITA-U shall, in performing the above functions, consult and cooperate with other Institutions/organizations with functions related to, or having aims or objectives related to, Accreditation and Certification. Section 32(2) of the NITA-U Act 2009 (Relationship with other Organization) mandates NITA-U to delegate any of its functions under the Act to any organization. In implementing the Accreditation and Certification Framework, therefore, NITA-U shall prequalify Certification Bodies (CBs) to offer Certification Services on its behalf in line with the above section of the NITA-U Act 2009.

The Certification Bodies shall issue Certificates to IT Training Institutions, IT Professionals, IT Service Providers and IT Products upon verifying, testing, assessing and ascertaining that the requirements have been met in accordance with the requisite industry standards. The Certificate issued by the Certification Bodies shall act as confirmation that the Training Institution, professional, provider or product has been attested/approved to operate.

NITA-U therefore requires the services of Certification Bodies (CBs) to conduct/offer Certification activities/services on its behalf in the above areas.

2. Objective of the assignment

2.1 Main objective of the Assignment

The main objective of the assignment is to Certify/Accredit IT Service Providers, IT Training Institutions, IT Professionals as well as IT Products (hardware and software) on behalf of NITA-U in a consistent, competent, credible and reliable manner, thereby ensuring quality in the delivery of IT services to the citizens.

2.2 Specific Objectives

The specific objectives of the assignment are as follows:

1. To grant/issue certification where there is sufficient evidence of conformity to the requisite standards by the IT Service provider, products, IT training institutions and professionals.
2. To establish strategic alliances with other National/International agencies engaged in Accreditation/Certification/conformity assessment activities.
3. To create and increase awareness of the role, value and integrity of independent third party certification and/or notification.
4. To promote, support and encourage efficient certification and notification to ensure consistent application of IT standards in the delivery of IT services, products and Training to consumers.
5. To continuously review and upgrade technical content/requirements for the delivery of IT services in line with market need.
6. To enhance capacity of IT Service providers to adapt and innovate to meet the current and future technological challenges as well as evolving regulatory issues within the IT Industry in Uganda.
7. To continuously improve and sustain quality of IT certification services, consistent with market requirements and technological developments, thereby providing better value to consumers.
8. To promote professionalism within the IT industry by ensuring alignment and adherence to ethical code of conduct and global IT training service standards by the IT professionals and IT Training Institutions.

3. Scope of Work

The Certification services/activities shall be conducted to certify IT training Institutions, IT Service Providers, IT Products (hardware and software) and IT Professionals. The detailed scope of work has been provided in the specific tasks and the time span in sections 3.1 and 3.2 respectively.

3.1 Specific Tasks

The following specific tasks should be undertaken by the Certification Bodies (CBs), although new areas of importance proposed by the stakeholders shall be included as well:

(a) Benchmark and develop fees structure for Certification of IT Training Institutions, IT Service Providers, IT Products and IT Professionals.
(b) Develop Plans, Procedures and tools for Certification in the areas mentioned above as well as propose key competences required for conducting Certification in the areas.
(c) Conduct application reviews for Certification in the above areas for completeness.
(d) Develop Certification Audit Plans, Methodology and Strategy including work plans for each of the specific areas.
(e) Conduct Certification Audits in accordance with the requisite IT Industry Standards and develop reporting mechanisms for Certification audits.
(f) Award Certification to IT Service Providers, IT Training Institutions, IT Products and IT Professionals upon fulfillment of the requirement for Certification in accordance with the specified standards.
(g) Develop a Monitoring and Evaluation Framework for compliance to requirement of Certification status/award.
(h) Develop mechanism for communication, reporting, receiving and providing feedback/responses regarding Certification Reviews, Audits, Inspections, Standards, Corrective actions, Certification awards, appeals, clarifications and complaints etc.
(i) Develop strategy/framework for collaboration with other National/International agencies/Accreditation/Certification bodies/Laboratories engaged in conformity assessment activities.
(j) Develop Advocacy and Dissemination Plans for the Accreditation and Certification activities/programme including conducting awareness among stakeholders on the initiative.
(k) Build Capacity of NITA-U as well as key stakeholders to coordinate and manage the Accreditation and Certification environment.

4. Expected Deliverables

The Certification Bodies (CBs) shall submit to the National Information Technology Authority (NITA-U) the following reports, documents and outputs in English in the approved, prescribed format, in both soft and hard copies:

(i) Inception Report prior to commencement of Certification activities in any of the areas mentioned above
(ii) Accreditation and Certification fees structure for IT Training Institutions, IT Professionals, IT Service Providers as well as Products
(iii) Documented list of resources (Personnel competencies, materials, equipment, standards, security etc.) required for Accreditation and Certification in the specific areas
(iv) Mechanism/Criteria for selection of Certification Auditors for the respective areas
(v) Certification Audit Plan, Methodology and Strategy including work plan for each of the specific areas
(vi) Certification Instruments (templates, checklists, questionnaires and forms)
(vii) Framework for communication, reporting, receiving and providing feedback/responses regarding Certification Applications, Reviews, Audits, Inspections, Standards, Corrective actions, Certification awards, appeals, clarifications and complaints etc.
(viii) Framework for verifying, documenting and reviewing the effectiveness of Corrective Actions undertaken to address issues identified during Certification Audits
(ix) Monitoring and Evaluation Framework for the Certification Programme
(x) Framework for collaboration with other National/International agencies/Accreditation/Certification bodies/Laboratories
(xi) Advocacy and Dissemination Plans for the Accreditation and Certification activities/programme
(xii) Framework for building capacity of stakeholders as well as NITA-U to manage the Certification and Accreditation environment

4.2 Time span

The Certification Bodies, upon being pre-qualified by NITA-U, shall carry out the above tasks for a period of THREE (3) YEARS, renewable upon satisfactory performance.

5. Reporting

The medium of communication for the assignment shall be English. The Certification Body will produce the documents and Reports in both electronic and hard copy formats, as Microsoft Word documents, and submit them to NITA-U.

6. Responsibility of NITA-U

(i) The Executive Director will be the contact person in NITA-U for the duration of the assignment;
(ii) NITA-U shall lobby for participation of key stakeholders in Accreditation and Certification;
(iii) NITA-U shall provide relevant background documents for the assignment;
(iv) Liaison and assistance in communicating with stakeholders;
(v) NITA-U shall provide overall guidance on issues such as complaints, appeals, arbitration, decisions etc. that might arise as a result of the Certification activities conducted.

7. Profile of the Certification Body (CB)

The firm/company undertaking the above mentioned tasks shall meet the following minimum requirements, summarized in the table below:

No. / Basic Requirement / Minimum Standards

1. Firm/Company Experience

   Legal Entity
   - Shall be legally registered organizations either in Uganda or overseas
   - Certification Bodies (CBs) that are not local shall partner with Ugandan locally registered and operating organization(s)/firms

   Certification Body/Firm Experience
   - Experience will depend on the focus domain for Certification

   - Not less than Three years of verifiable experience in conducting IT Certification Services in accordance with the standards below, which will also depend on the focus domains for Certification:
     ISO/IEC 17021:2006: Conformity assessment - Requirements for bodies providing audit and Certification of management systems
     ISO/IEC 17024:2012: Conformity assessment - General requirements for bodies operating certification of persons
     ISO/IEC 17065:2012: Conformity assessment - Requirements for bodies certifying products, processes and services
     ISO/IEC 17025:2005: General requirements for the competence of testing and calibration laboratories etc.

   Affiliations to Regional and International Accreditation/Certification Bodies
   - Affiliated to regional and International Accreditation and Certification Bodies (International Accreditation Forum (IAF), International Laboratory Accreditation Certification (ILAC), etc.)

   Representation
   - Regional representation ensuring participation by subject matter experts from developing regions (Africa) and developed regions (Europe, America and Asia/Pacific etc.)

2. Human Resource: (The Human Resources shall include but not be limited to the following depending on the identified areas)

   1. Team Leader

   The Lead Auditor shall possess the following minimum qualifications:

   i. Bachelor's Degree in Computer Science or Information Technology/Telecommunications/Electrical Engineering or a related relevant qualification;
   ii. Proven additional training in planning, implementation, monitoring and evaluation of IT Projects and programmes
   iii. Professional registration as Certified Auditor (ISO, etc.)/affiliations to body of Certified Auditors
   iv. Possess Industry Certifications in IT Service Management, IT Governance, IT Security (ISO 20000, ITIL, CGEIT, CISSP, CISM, CISA, PMP etc.)

   v. At least 5 years' experience working in the ICT field, with particular verifiable experience in:
      - Developing and implementing Policies, Standards & Guidelines, Frameworks and Strategies for ICT/IT, Management Information Systems, etc. at organizational, national and regional levels
      - Accreditation & Certification Assessments conducted within the above period in an IT environment
      - Conducting assessments by the application of any of the following International Standards: ISO 20000, ISO 17020, 17021, 17024, 17025, 17065 among others.
      - Establishing Quality Management Systems in accordance with requisite International Standards
      - Linking ICT to overall National and Regional Development plans
      - Meeting and Workshop Facilitation
      - Report Writing
   vi. Working knowledge of Government and IT Sector procedures and processes.
   vii. Negotiation and conflict resolution skills

   2. ICT Expert/Specialist

   The ICT Expert/Specialist shall possess the following minimum qualifications:

   i. Bachelor's Degree in Computer Science, Information Technology or a related relevant qualification;
   ii. Possess Industry Certifications in IT Service Management, IT Governance, IT Security (ISO 20000, ITIL, CGEIT, CISSP, CISM, CISA, PMP etc.)
   iii. Professional registration as Certified Auditor (ISO, etc.)/affiliations to body of Certified Auditors
   iv. At least 5 years' experience working in the ICT field, with particular verifiable experience and expertise in:
      - Institutional organization and business management in complex environments, experience in strategic IT processes planning and management, drafting reports, working with Government institutions.
      - Knowledge and experience in Assessment of IT training Institutions, Professionals, Service providers, and Products for Accreditation/Certification in accordance with requisite Industry service Standards.
      - Conducting assessments by the application of any of the following International Standards: ISO 20000, 17020, 17021, 17024, 17025, 17065 among others.
      - Developing, analysing and implementing IT policies, standards and guidelines.
      - In-depth knowledge and understanding of IT, e-Government development issues, Information Technology (IT) Security and relevant work experience.
      - Proven knowledge of the Uganda IT Industry;
      - Negotiation and conflict resolution skills

   3. Legal & Regulatory Services Advisor/Officer

   The Legal Service Officer shall possess the following minimum qualifications and skills:

   i. Bachelor's Degree in Law with a diploma in legal Practice
   ii. Postgraduate qualification in law or business administration
   iii. A minimum of 5 years' experience in legal practice or corporate legal services and verifiable knowledge in the following:
      - Accreditation & Certification of Training Institutions, Professionals, Service providers and Products
      - Implementation of legal and policy frameworks and policies to support governance of IT delivery in the public and private sector.
      - Excellent Knowledge of Contract, Commercial, Corporate Law and business acumen
      - National legal and policy framework for IT Service level Management

   iv. Knowledge of the Ugandan Cyber Laws will be an added advantage.
   v. Negotiation and conflict resolution skills

8. Background Documents

NITA-U shall provide the following background documents to provide information relevant to the assignment:

i. NITA-U Act 2009
ii. Accreditation and Certification Framework-2014
iii. Standards, Regulations and Accreditation and Certification Guidelines to Enhance the Business Process Outsourcing (BPO) Industry in Uganda - 2013
iv. National ICT Policy Framework 2008
v. National e-government Framework 2009
vi. National IT Policy 2010
vii. National ICT Policy 2003
viii. BPO Strategy and Model for Uganda (2008-2011)