ANSI as an Accreditor

www.ansi.org/accreditation

International Cloud Symposium

October 11, 2012Presented by: Anne Caldas

acaldas@ansi.org

ANSI coordinates standards, conformity assessment, and related activities in the United States of America Founded in 1918, ANSI is a private, non-profit organization

ANSI is not a government agency or standards developer (SDO) and ANSI does not test products, personnel or services

ANSI’s mission is to enhance the global competitiveness of U.S. business and the American quality of life by promoting and facilitating voluntary consensus standards and conformity assessment systems and ensuring their integrity.

2012 ANSISlide 2

2012 ANSISlide 3

U.S. member of ISO

U.S. member of the IEC, via ANSI’s U.S. National Committee

a U.S. member of IAF and ILAC

member of regional forums in the Pacific Rim and the Americas

liaison with groups in Europe, Africa and the Middle East

bilateral agreements with other national standards bodies

Represent U.S. globally

Accredit standards developers and conformity assessment organizations

Ensure integrity of the American National Standards (ANS) and US conformity assessment system

Offer neutral forum

Offer accreditation framework in response to market and government needs

Coordinate partnerships between U.S. public and private sectors

2012 ANSISlide 4

2012 ANSISlide 5

Product/Person/Organization

Accreditation bodies

Assess competence

Conformity assessment bodies

Audit/Test/Verify conformity

Accredited 3rd-Party Hierarchy

(ISO/IEC 17011 standard for accreditation bodies)

IAF International Accreditation

Forum

IAACInter American Accreditation Cooperation

PAC Pacific

Accreditation Cooperation

APLACAsia-Pacific Laboratory

Accreditation Cooperation

EA European

Accreditation Cooperation

ILACInternational Laboratory

Accreditation Cooperation

Multilateral Recognitionsare Essential

ANSI 2012Slide 7

“ANSI’s Role in Conformity Assessment”

ANSI is committed to 2 related but distinct efforts:

1. ANSI Conformity Assessment Policy Committee (CAPC) addresses conformity assessment policy issues.

ANSI International Conformity Assessment Committee (ICAC) and ISO Conformity Assessment Committee (CASCO)

Promotes education and understanding of conformity assessment

2. ANSI Accreditation Programs accredit conformity assessment bodies

Serve market; open, flexible and efficient; technical rigor; highest integrity Strengthen, enhance government recognition for regulatory needs Support mutual recognition, interests and competitiveness of U.S. industry

2012 ANSISlide 8

ANSI’s Accreditation Roles

Conformity Assessment (ISO/IEC 17011)

ProductCertifiers

PersonnelCertifiers

SDOs

ANSI Procedures for ANS

“Essential Require-ments”

Standards

Laboratories

Inspection Bodies

ISO/

IEC

1406

5

ISO/

IEC

1702

1

ISO/

IEC

1702

4

ISO/

IEC 1702

5

ISO/

IEC 1702

0

Management System Certifiers

ISO/

IEC

1706

5

Greenhouse Gas

Verifiers

U.S. TAGs to ISO

ANSI Internatio

nal Procedure

s

CertificateIssuers

ANSI/

ASTME2659-

09

ANSI 2012Slide 9

What can ANSI provide?

What can ANSI provide? Mature (since 1972), but flexible, accreditation

infrastructure based on ISO/IEC 17065, the current version of Guide 65

Credible and well regarded track record Broad-based expertise Program design responsive to market needs

Which conformity assessment method is appropriate depends on:

• Customer's requirements• Risk associated with product/service• Regulatory requirements

2012 ANSISlide 10

What does ANSI provide and what is needed to establish an Accreditation Program for Cloud Services? What aspects of introducing an Accreditation

Program would need to be addressed?

- Identification of a reliable and recognized organization as “Scheme” owner

- Standards that will be used by the CBs to certify Cloud Computing Services

- Competent and recognized Accreditation body- Certification bodies that demonstrate

competence, consistency in the operation of certifications and impartiality

2012 ANSISlide 11

US Government Reliance on ANSI AccreditationPrograms www.ansi.org/accreditation

Sample Programs: FCC: Accreditation of Telecom Certification Bodies since 2000

ONC

EPA WaterSense

EPA Energy Star

SFI/PEFC Certification Program for Chain of Custody

GLOBAL GAP

SQF

Personnel: Industry (e.g., Microsoft) and Government: FDA, Defense, OSHA, State Government (e.g., California)

See additional background slides for details

ANSI Backgroundwww.ansi.org/accreditation

ANSI 2012Slide 13

Conformity Assessment: Cloud Computing

Certification of services: a means of providing assurance that cloud computing services providers comply with specified requirements in standards and normative documents

What cloud computing services could be certified? Data and applications stored in a server(s) that exist in

some place other than the user (client) location Certification Scheme could be developed by a Scheme owner

- ISO/IEC 17001 (Impartiality), 17065 (Replaced ISO/IEC Guide 65), 17067

- OASIS standards and others- Scheme Requirements could address: Security, Integrity,

Confidentiality, Performance, Availability, Accuracy, Risk Management, Interoperability

Accreditation by a third party, like ANSI, is an option

2012 ANSISlide 14

US Government Reliance on ANSI as an Accreditor Telecommunications and Radio Equipment:  The U.S. federal

government relies on ANSI to accredit telecommunication certification bodies under a Federal Communications Commission (FCC) program that enforces rules for the manufacturers of telecommunications and radio communication equipment used in the U.S. and abroad.  ANSI’s accreditation of telecommunication certification bodies is also recognized by several other nations.

(Since 1972) In 2000 FCC processed about 1,500 certifications; in 2011,

using accredited 3rd party certification bodies who processed 985 (est) of the certifications, around 15,000 were issued – a ten-fold increase

IC – Canada; iDA – Singapore; OFTA – Hong Kong; Japan MIC Requirements

2012 ANSISlide 15

US Government Reliance on ANSI as an Accreditor

ONC – Information Technology – Electronic Health Records: The American National Standards Institute (ANSI), coordinator of the U.S. voluntary standardization system, is pleased to announce the first accreditations of health information technology certification bodies under the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator (ONC) Permanent Certification Program for Health Information Technology (HIT). In June 2011 ANSI was selected as the Approved Accreditor for the ONC program, which was established by regulation in a final rule published in the Federal Register on January 7, 2011. The program provides a way for organizations to become authorized by ONC to test and certify electronic health record (EHR) technology. As Approved Accreditor, ANSI reviews and accredits all certification bodies seeking to participate in the ONC program.

 

2012 ANSISlide 16

US Government Reliance on ANSI as an Accreditor

EPA WaterSense:  WaterSense is a partnership program sponsored by the U.S. Environmental Protection Agency that seeks to protect the future of our nation's water supply by promoting water efficiency and enhancing the market for water-efficient products, programs, and practices.  To ensure the WaterSense program's integrity and sustainability and also to ensure consumer confidence in the products that bear the WaterSense label, ANSI has been recognized as an accreditor of the WaterSense Program. Through partnerships with irrigation professionals and irrigation certification programs and manufacturers, retailers and distributors, and utilities, the program is designed to promote water-efficient landscape irrigation practices and to bring WaterSense products to the marketplace and make it easy to purchase high-performing, water-efficient products.

 

2012 ANSISlide 17

US Government Reliance on ANSI as an Accreditor

EPA Energy Star®:  To ensure that Energy Star® remains a trusted symbol for environmental protection through superior efficiency, EPA and DOE collaborated to develop enhancements for product qualification and verification. These enhancements include: third-party qualification prior to labeling, laboratory qualification, and comprehensive verification testing. As a signatory to the International Accreditation Forum (IAF) Multilateral Recognition Agreement (MLA), ANSI is recognized by the EPA Energy Star® Program to evaluate the competency of product certification bodies in accordance with ISO/IEC Guide 65 in each of the designated product categories. EPA and ANSI envision the enhanced testing and verification to be an integral part of the Energy Star® Program.

2012 ANSISlide 18

US Government Reliance on ANSI as an Accreditor

U.S. Government Recognition - Personnel: The U.S. Government is increasingly relying on ANSI accreditation for verification of the quality of certification programs and to control fraud and misuse in certain industries.

In view of the proliferation of certification programs and the need to help consumers make informed decisions, government agencies are looking to ANSI accreditation to differentiate quality programs and improve practices in industry.

The ANSI accreditation process is designed to increase the integrity, confidence, and mobility of certified professionals.

Some of the government agencies that are closely associated with ANSI accreditation include: Food and Drug Administration, Department of Defense, Department of Defense, Massachusetts Securities Commission and Occupational Safety and Health Administration

2012 ANSISlide 19

Conformity Assessment Vocabulary

ISO/IEC 17000 – Conformity Assessment: demonstration that specified requirements relating to a product, process, system, person or body are fulfilled. Note 1 The subject field of conformity assessment

includes activities defined elsewhere in this International Standard (IS), such as testing, inspection and certification as well as the accreditation of conformity assessment bodies

Note 2 The expression “object of conformity assessment” or “object” is used in this IS to encompass any particular material, product, installation, process, system, person or body to which conformity assessment is applied. A service is covered by the definition of a product…

2012 ANSI Slide 20

Conformity Assessment Vocabulary

Certification: third-party attestation related to products, processes, systems or persons Note 1 Certification of a management system is

sometimes also called registration. Note 2 Certification is applicable to all object of

conformity assessment except for conformity assessment bodies themselves, to which accreditation is applicable.

Accreditation: third-party attestation related to a conformity assessment body conveying formal demonstration of its competence to carry out specific conformity assessment tasks

2012 ANSISlide 21

Conformity Assessment Vocabulary

Service: result of at least one activity necessarily performed at the interface between the supplier and the customer, which is generally intangible. (17065) Note 1 Provision of a service can involve, for

example, the following: an activity performed on a customer-supplied tangible product (e.g. automobile to be repaired); an activity performed on a customer-supplied intangible product (e.g. the income statement needed to prepare a tax return); the delivery of an intangible product (e.g. the delivery of information in the context of knowledge transmission); the creation of ambience for the customer (e.g.

American National Standards Institute

Headquarters New York Office

1899 L Street, NW 25 West 43rd

Street

11th Floor 4th Floor

Washington, DC 20036New York, NY

10036

T: 202.293.8020 T:

212.642.4900

F: 202.293.9287 F:

212.398.0023

www.ansi.orgwebstore.ansi.org

www.nssn.org

Anne CaldasSr Director

Procedures & Standards Administration

acaldas@ansi.org212-642-4914