Is IP3 an “Official” CISSP training group?

The CISSP exam created by ISC2 is certified by the American National Standards Institute.  In order to achieve certification by ANSI, an organization must show that they are an independent third party, offering their certification to anyone, from any organization, who meets the qualifications required for the exam.  What that means is that the ISC2 body that produces the test and certifies individuals as CISSP’s, must be an independent third party.  Therefore there can be no “Official” CISSP training group.  Any training group claiming to be an “Official” CISSP training group, or claiming that another group is not “Official,” is falsely misrepresenting itself.

Below are sections taken directly from the ANSI application and certification documents which clearly show that any organization certified by ANSI must be an independent third party, and can not provide any sort of training themselves.

ANSI Publication - IAF-GD24-2004

G.4.2.4 Clause 4.2.2 of ISO/IEC 17024 provides that the certification body should not allow commercial or other considerations to influence the confidentiality, objectivity or impartiality of the certification process. Conformity with this clause is particularly relevant when the financial resources to set up a certification body has been provided by a particular interest that predominates in the shareholding and/or the board of directors.

G.4.2.6 A related body is one which is linked to the certification body by common ownership in whole or part and has common members of the board of directors, contractual arrangements, common names, common staff, informal understanding or other means such that the related body has a vested interest in any certification decision or has a potential ability to influence the process.

G.4.2.7 Although there is no specific restriction on the services or activities that a related body may provide, the certification body should analyze and document their relationship to determine the possibilities for any known conflicts of interest with provision of certification. The certification body should identify those bodies and their activities that could, if not subject to appropriate controls, affect confidentiality, objectivity or impartiality.

G.4.2.8 Certification bodies shall demonstrate how they manage their certification business and any other activities so as to eliminate actual conflict of interest and minimize any identified risk to impartiality. The demonstration shall cover all potential sources of conflict of interest, whether they arise from within the certification body or from the activities of related bodies. Accreditation bodies will expect certification bodies to open these processes for audit. This may include, to the extent practicable and justified, pursuit of audit trails, to review records of both the certification body and its related body for the activity under consideration. In considering the extent of such audit trails, account should be taken of the certification body’s history of impartial certification. If evidence of failure to maintain impartiality is found, there may be a need to extend the audit trail back into related bodies to provide assurance that control over potential conflicts of interest has been re-established.

G.4.2.9 Clause 4.2.2 of ISO/IEC 17024, requires that the documented structure of the certification body has built into it provision for the participation of all the significantly concerned parties in the different sectors in which it operates, including the consideration of public interest. This should normally be through some kind of committee.

G.4.2.16 Impartiality and independence of the certification body should be established at all levels including:

• structure of the organization;

• policies and procedures;

• evaluation;

• decisions and appeals on certification.

G.4.2.17 The certification body shall not engage in activities that could compromise its impartiality.

G.4.2.21 The responsible management, staff and/or personnel mentioned in clause 4.2.7 of ISO/IEC 17024 need not be exclusively engaged by the certification body,

G.4.2.23 The certification body should be responsible for ensuring that neither related bodies, nor sub-contractors, nor external examiners operate in breach of the undertakings that they have given. It should also be responsible for implementing appropriate corrective action in the event that such a breach is identified.

G.4.2.25 Information regarding education and training may be provided in literature by the certification body if they are used as pre-requisites for being eligible for certification or part of an examination preparation booklet. All known education and training prerequisites related to the certification scheme should be listed and publicly available.

However, nothing should be said or indicated by a certification body that would suggest that certification would be simpler, easier or less expensive if any specified education/training services were used.

G.4.2.26 Where the certification body provides certification and education/training services, it shall ensure that no impression is given that the use of both services would bring any advantage to the applicant, so that the certification process remains, and is seen to remain, impartial.

 

ANSI Publication - ANSI-PCAC-CA-501

2.1.1.4 In keeping with the scope, in order to be eligible for ANSI accreditation certification bodies must also satisfy the following basic criteria:

a) Be able to demonstrate independent third-party status as a certifier of individuals;

b) Be a legal entity or part of an legal entity;

c) Have clearly published defined scope of certification.

The scope of the assessment will be clearly defined and made known to the applicant.

Access is not conditional on the size of the applicant body or membership in any association or group, nor is accreditation conditional upon the number of bodies already accredited within the same sector.

ANSI Publication - ANSI-PCAC-FR-504

4.2.2 The certification body shall have a documented structure which safeguards impartiality, including provisions to assure the impartiality of the operations of the certification body.  This structure shall enable the participation of all parties significantly concerned in the development of policies and principles regarding the content and functioning of the certification system, without any particular interest predominating.

4.2.3 The certification body shall appoint a scheme committee, which shall be responsible for the development and maintenance of the certification scheme for each type of certification being considered. The scheme committee shall fairly and equitably represent the interests of all parties significantly concerned with the certification scheme, without any particular interest predominating.  Where a certification scheme is developed by organizations other than the certification body, the respective developer of the scheme shall adhere to the same principles.

4.2.5 The certification body shall not offer or provide training, or aid others in the preparation of such services, unless it demonstrates how training is independent of the evaluation and certification of persons to ensure that confidentiality and impartiality are not compromised.

4.2.6 The certification body shall define policies and procedures (e.g. code of conduct) for the resolution of appeals and complaints received from applicants, candidates, certified persons and their employers, and other parties about the certification process and criteria, as well as policies and procedures for the performance of certified persons.  These policies and procedures shall ensure that appeals and complaints are resolved independently, in an unbiased manner.

6.3.1 The decision on certification of a candidate shall be made solely by the certification body on the basis of the information gathered during the certification process.  Those who make the certification decision shall not have participated in the examination or training of the candidate.

To download a video discussing ANSI certification, right-click here and choose Save As.