As part of our newly evolved situation with two specifications in market (one ISO/IEC standard for license compliance and one de facto but soon to be ISO/IEC standard for security compliance), our self-certification efforts are ripe for revamp and expansion.
We took the first step in that direction today (2022-10-05) by creating a version of the Self-Certification Questionnaire for ISO/IEC 5230 in Markdown based on the material from the existing Self-Certification Web App located on the OpenChain Website. Huge credit to Steve @ Analogue Devices for this work.
Steve’s initial contribution gives us a super clean and easy way to review and improve the questions for self-certification related to ISO/IEC 5230:
It also provides us with a clean way to fork and create a sister self-certification questionnaire for our Security Assurance Specification, the sister standard to ISO/IEC 5230.
Oh wait, but there is more!
On the Markdown call today (2022-10-05) we decided that the best structure moving forward is a checklist rather than a questionnaire. This is initially identical to the self-certification questionnaire in terms of structure and general wording, but everything is phrased as a statement rather than a question. You can find it here:
And now we have a call to action. Please help review the checklist and see what you think of the wording for each statement. Is it clear enough? Can you improve it? If you find bugs or opportunities for improvement, please open an issue or a pull request to help make self-certification to ISO/IEC 5230 easier than ever.
What we do will feed back into the primary website resources, and it will form the basis of new self-certification material for our Security Assurance Reference Specification.