[Owasp-cert] Certification Provider

Gary Palmer owasp at getmymail.org
Sun Sep 7 21:32:27 EDT 2008

Sorry, I sent to James and forgot the list:
#6 I suggest you state what agreement you are referring to.
#7 I suggest asking how we are protected "from" as opposed to how we are
protected "by".
Do we have any option for blind auditing of a center?
Will we be able to review the results of their audit of their test centers?


From: owasp-cert-bounces at lists.owasp.org
[mailto:owasp-cert-bounces at lists.owasp.org] On Behalf Of
james at architectbook.com
Sent: Sunday, September 07, 2008 8:31 AM
To: owasp-cert at lists.owasp.org
Subject: [Owasp-cert] Certification Provider

I am compiling a list of questions that we would like to know about
Kryterion that aren't addressed on their web site with the hope of gaining
additional insight in the next week or two. Below is a list of questions
that I have and I would love to receive questions from others on this
1. OWASP as its mission has as a focus the goal of making web application
security visible. It could be potentially embarrassing if the testing
provider we chose actually had vulnerabilities we evangelize. Would your
organization be open to an audit of source code used for testing if the
proper NDAs were in place?
2. Our past experience with certifications offered by Prometric uncovered
that not all testing centers can administer all tests. Will we experience
something similar here? If not, could you explain why?
3. Thomson Prometric periodically offers item writing workshops to college
faculty and other non-profits. Do you have a similar offering?
4. What is the liability you hold if the exam information is leaked through
a breach?
5. How do you ensure compliance with ADA with respect to physical
accessibility of test sites and the provision of accommodations in the
taking of the examinations by qualified disabled candidates?
6. Can we assume that your agreement states that you have provisions for
mandatory insurance including general liability (at least $1 million in the
aggregate and per occurrence), automobile liability (combined single limit
of at least $1 million), and workers compensation as required by law?
7. How are we protected by unreasonable price increases?
8. How often are test centers outside of North America physically reviewed?
9. Do you have capabilities such as capturing a digital signature,
collecting digital photo and providing photo on score report?
10. Do you have any form of secret shopper program?
11. What forms of marketing assistance do you provide?
12. Kryterion has fewer testing centers than other providers. How can we tell
the difference in selective judgement of Kryterion bringing on new centers
vs the centers themselves not joining up due to their inability to generate
profit from partnering with Kryterion?
13. Can you send us a copy of a sanitized RFP for another entity where you
competed against Prometric and/or Vue?