Definition of concepts
APPROVAL: in general, approval is the certification of a product's compliance with a standard or regulation. Its purpose is to guarantee to consumers that the product they are buying corresponds to what they are entitled to expect. In IT, it is a step in the evolution of an information system that consists of validating that an application or application module provides the expected functionality and meets the technical specifications.
TRAINING: it is a set of attitudes consisting of teaching a person the knowledge and skills necessary to perform common professional functions. Vocational training is generally taken up by people who already exercise a professional activity and wish to increase their skills.
AUDIT: an IT audit (Information Technology Audit, or IT Audit) aims to identify and assess the risks (operational, financial and reputational in particular) associated with the IT activities of a company or an administration. An IT audit, or audit of information systems, follows a scheme in 4 phases:
- Precise definition of the work plan, information gathering, research and mapping of the business and/or IT processes to be assessed, definition of roles and responsibilities, analysis of strengths and weaknesses.
- Analysis of important processes, definition of risks, preliminary risk assessment, effectiveness of controls.
- Control tests.
- Materiality tests.
APPROVAL: it is a document recording the agreement given by an authority to the appointment of a person or the execution of a project that requires its authorization or prior opinion.
ACCREDITATION: it is the recognition attributed to an organization in a given field. It can be a voluntary approach, to highlight the organization's competence, or be made compulsory within the framework of a regulation. In certain regulations, the public authorities grant temporary recognition in order to give the accreditor the opportunity to assess the know-how (competence) of the applicant organizations during a well-defined period. It is based on a normative frame of reference defining requirements in terms of technical competence and implementation of a management system.
CERTIFICATION: it is a set of procedures by which an approved organization external to a company guarantees that a product, service, organizational system or process meets the requirements of a standard.
There are three main categories of certification:
- first-party certification, a self-declaration made by the party itself;
- second-party certification, where the customer verifies the conformity of its supplier;
- third-party certification, where compliance is verified by an independent certification body.
In general, requests for certification from approved organizations are made by companies that wish to gain an additional advantage over the competition and inspire confidence in their customers.