4.2.2 Roles
Last updated
IDS-RAM 4
Last updated
The realization of the IDS Certification schema requires different roles responsible for different tasks:
Applicants,
Evaluation Facilities, and
one Certification Body
It should be noted that all roles described in this section are specific to the International Data Spaces (i.e. terms such as "Certification Body" should not be misunderstood to refer to an existing organization already granting certificates).
The defined roles and their main tasks are described below, while additional details on their tasks and interactions are described in .
The Certification Body oversees the certification process regarding quality assurance and framework governance. It defines standard evaluation procedures and supervises the actions of the Evaluation Facilities. A certificate is granted only if both the Evaluation Facility and the Certification Body have come to the conclusion that all preconditions for certification are fulfilled.
Contracted by an Applicant (see below), the Evaluation Facility is responsible for carrying out the detailed technical and/or organizational evaluation work during a certification process. The Evaluation Facility issues an evaluation report for the respective organization/individual or core component, listing details regarding the evaluation process and an assessment whether all requirements are properly fulfilled.
The term "Evaluation Facility" refers both to authorized auditors for management system evaluations (i.e., for Operational Environment Certification) as well as approved evaluators for software stacks (i.e., for Component Certification). Hence, the Certification Body oversees and cooperates with multiple Evaluation Facilities. However, only one Evaluation Facility is involved in each evaluation of an organization/individual or core component.
The Applicant is not just the subject of the evaluation and certification process, but plays an active part in it. An Applicant needs to actively submit an application to trigger the certification process. This applies to organizations/individuals that develop software components intended to be deployed within the International Data Spaces (i.e., prospective Software Providers) and to organizations that intend to operate components in the IDS. During the certification process, the Applicant provides all necessary material needed for the evaluation and certification of its component or organization and supports with questions or issues arising.