diff --git a/Standards/scs-0007-v2-certification-integrators.md b/Standards/scs-0007-v2-certification-integrators.md new file mode 100644 index 000000000..78ef61ad5 --- /dev/null +++ b/Standards/scs-0007-v2-certification-integrators.md @@ -0,0 +1,65 @@ +--- +title: Certification of integrators +type: Procedural +status: Draft +#stabilized_at: YYYY-MM-DD # TODO when Stable +replaces: + - scs-0007-v1-certification-integrators.md +track: Global +description: | + SCS-0007 defines the process and rules on how to become certified as SCS Integrator. +--- + +## Introduction + +The purpose of this document is to describe a concept for how an implementation partner (also referred to as an applicant) can obtain certification as SCS Integrator. In essence, this certificate is intended to express that an applicant has sufficient technical knowledge and experience to provide technical support to other organizations using SCS. +By design, this certification demands to reach a certain score based on a predefined scoring system. As it may take some time for an aspiring applicant to become an SCS Integrator, a lesser variant of the certificate, called SCS Bronze Integrator, is also defined which can be achieved with a lower score. + +## Motivation + +As an implementation partner, I want to become certified as SCS Integrator in order to prove sufficient technical knowledge and experience to provide technical support for SCS. + +## Regulations + +The certificates are awarded for a period of one year based on the predefined scoring system below. +The certification is done either by the Forum SCS-Standards or an attestation body nominated by the forum. + +### Certificate levels + +Version 2 of this standard introduces a multilevel certification with Silver and Bronze levels. The levels are awarded according to a target score to be reached based on a predefined scoring system (see below). + +- Certified SCS IaaS Silver Integrator: SCS IaaS (Infrastructure as a Service) implementation partner +- Certified SCS KaaS Silver Integrator: SCS KaaS (Kubernetes as a Service) implementation partner +- Certified SCS IaaS Bronze Integrator: aspiring SCS IaaS (Infrastructure as a Service) implementation partner +- Certified SCS KaaS Bronze Integrator: aspiring SCS KaaS (Kubernetes as a Service) implementation partner + +As to remain backward compatibility with version 1 of this standard, the suffix for the "Silver" level MAY be omitted. The certificate level _Certified SCS IaaS Silver Integrator_ and _Certified SCS KaaS Silver Integrator_ therefore corresponds to the previously existing certificates _Certified SCS IaaS Integrator_ and _Certified SCS KaaS Integrator_ from version 1 of this standard. Certificates that have already been issued remain valid and will get the new name when issued once again. + +### General expectations + +The general expectation for certification is to provide proof of experience in setting up, operating and supporting SCS-compliant environments. + +SCS is an open source community project with the goal of enabling digital sovereignty. As such, the commitment and support of this mission SHOULD be recognized and promoted beyond technical competence. + +The applicant SHOULD work towards ensuring that digital sovereignty is implemented in accordance with the SCS definition (Standards and [Mission Statement](https://docs.scs.community/community/mission-statement)). This is expressed in a way that, in addition to the technology used to build environments (not necessarily only SCS environments), knowledge and experience in SCS standards compliance (SCS-compatible IaaS and KaaS) is also available and that environments built by the applicant have already been configured in accordance with the standards and are listed on the SCS compliance list. + +The applicant SHOULD work towards ensuring that the cloud environments it sets up and/or manages are also officially visible as SCS clouds, thereby strengthening the SCS brand. + +### Scoring system + +The applicant MUST achieve a total of at least FOUR points to become SCS Silver Integrator or at least TWO points to qualify as SCS Bronze Integrator according to the following scoring system: + +- two points for each SCS-compliant environment of a third party successfully brought into production by the applicant in the last 12 months, one point for 6 months; +- two points for each SCS-compliant environment of a third party actively being managed by the applicant for the last 12 months, one point for 6 months; +- two points for each SCS-compliant public-cloud environment with at least two regions or at least three availability zones being operated by the applicant for the last 12 months, one point for 6 months. + +Here, an SCS-compliant environment is one that qualifies for [_Certified SCS-compatible IaaS_](https://docs.scs.community/standards/scs-compatible-iaas) or [_Certified SCS-compatible KaaS_](https://docs.scs.community/standards/scs-compatible-kaas), depending on the desired certification. + +### Attestation + +The audit for the certification of an applicant is carried out by the Forum SCS-Standards or an attestation body. It will assess and, if necessary, obtain evidence from the applicant to be able to estimate which score will be achieved in total and how. + +## Version history + +- Version 1 introduced the certification as SCS Integrator with the option to request for a voting on exceptions. +- Version 2 introduces a multilevel certification with a predefined scoring system in order to avoid the previously ambiguous voting on exceptions. diff --git a/Standards/scs-0007-w1-certification-integrators-implementation-notes.md b/Standards/scs-0007-w1-certification-integrators-implementation-notes.md index b743d2ed3..2859dbf37 100644 --- a/Standards/scs-0007-w1-certification-integrators-implementation-notes.md +++ b/Standards/scs-0007-w1-certification-integrators-implementation-notes.md @@ -1,36 +1,25 @@ --- -title: "Implementation hints for achieving Certified SCS Integrator" +title: "Implementation hints for achieving SCS Integrator certification" type: Supplement track: Global supplements: - - scs-0007-v1-certification-integrators.md + - scs-0007-v2-certification-integrators.md --- ## Introduction The standard scs-0007 documents what requirements integration partners must fulfill to be eligible for being certified as SCS Integrators. -This document contains hints how these requirements may be evaluated by the Forum SCS-Standards -auditor and how exceptions will be handled. - -### Voting on exceptions - -When someone requests approval for a certified SCS integrator that does not meet all requirements, -this can be waived with a qualified vote in the Forum SCS-Standards. -To avoid conflict of interests and social pressure clouding this exception, we envision the -following process: - -- The beneficiary party (the integrator in whose favor the exception is requested) should be - invited to a meeting to explain why they believe that they qualify as a certified SCS - integrator despite not meeting the normal qualification criteria. -- The forum members may ask the beneficiary clarifying questions that should be answered. -- To ensure an open discussion, the beneficiary should be excluded from the discussions about - the matter. The same applies if the beneficiary party is a member of the Forum - SCS-Standards. In that case, the expulsion should not be counted against the required quorum - to avoid forum members from having a disadvantage. If the excluded party is a voting member, - they will automatically abstain from the vote. -- Any parties that have significant conflicts of interests are expected to make these - conflicts transparent and cast abstention votes. - -By the time of re-certification, all exceptions from a previous certification should have been -eliminated. +This document describes the process and associated checks used to validate an applicant's suitability based on plausibility checks and the evidence submitted. + +## Certification process procedure + +To apply for a certification as an SCS Integrator, an application request must be sent to the attestation body. In the application request, the applicant specifies the certification level for which it is applying. The relevant SCS-compliant environments must also be specified as references therein, which should be used to calculate the necessary score according to the scoring system. + +If the listed references are joint environments (e.g. two or more implementation partners have jointly set up an SCS environment or manage them together), it must be sufficiently demonstrated what the applicant's own share in the setup and operation of the environment is. + +As specified in standard scs-0007, the listed references must also be compatible with standard scs-0004, which means they must qualify as [_Certified SCS-compatible IaaS_](https://docs.scs.community/standards/scs-compatible-iaas) or [_Certified SCS-compatible KaaS_](https://docs.scs.community/standards/scs-compatible-kaas). However, they do not necessarily have to be certified according to SCS-0004. It is sufficient to demonstrate that the respective environment meets the corresponding scope in its current version. Proof is provided by running the official [SCS compliance test suite](https://github.com/SovereignCloudStack/standards/tree/main/Tests), whereby all tests must pass. The test suite can be run either by the applicant or the attestation body. Ideally, the test results should be submitted directly together with the application request. + +In the next step, the attestation body conducts an examination based on the application request and the accompanying evidence provided. The attestation body gets in contact with the applicant in order to resolve any remaining discrepancies and open issues together. + +If there are no outstanding issues and all requirements have been sufficiently met with the relevant evidence, the respective certificate according to the score achieved will be issued.