Standards and certifications relevant to B2B suppliers that provide outsourced development and IT services. These cover quality, information security management and service management, and apply to offshore, nearshore and staff augmentation suppliers. Standards are typically international, such as ISO9001 and ISO27001, but some may be specific to a country or region.
Typical standards that suppliers may be certified to by an external independent party.
For further information visit: https://www.iso.org/popular-standards.html
An acronym for Information Technology Infrastructure Library. The latest version of the guide is V4, which covers running digital/IT services and infrastructure.
For further information visit: https://www.axelos.com/best-practice-solutions/itil
The major software and cloud platforms also offer certifications to businesses.
For further information visit:
SSAE: Statement on Standards for Attestation Engagements
SOC: System Operating Control
For further information visit:
Originally developed by Carnegie Mellon University in the USA and now managed by the CMMI Institute.
It has three areas of interest
And has 5 levels of maturity
For further information visit:
This model from the CMMI Institute is for organizations that improve their performance through best practice and key practices for critical people management processes.
For further information visit: https://cmmiinstitute.com/pm
The following are standards applicable to security
Guidance on security in the supply chain:
There is also a scheme for UK businesses to show they have a level of security in place: