Security accreditation can range from a credential a website maintains to assure users of the integrity of encrypted data, to diplomas given to attendees of security trainings. The type of accreditation that would be necessary and appropriate depends on the application. In all cases, the process of obtaining a security accreditation should involve a neutral third party capable of making a balanced and unbiased assessment. That same party has the authority to revoke the accreditation if it feels the recipient no longer meets the standards it sets.
In computing, security accreditation is necessary to assure users that systems are secure. Many systems have safeguards in place and will not communicate with a system or website that lacks a security certificate. For example, browser software will alert a user if a site's credential is expired, doesn't match, or appears to have some other problem. The user can decide whether to proceed with sharing confidential information or to back out.
Computer systems can be subject to audit by accrediting agencies with the authority to evaluate a system and determine the level of security it provides to users. These agencies may also offer training for employees so they can learn about security protocol. They can evaluate employees to determine whether they are qualified to work on the system; for instance, the auditor might ask to see education records for staff members and could administer interviews or tests to see how much they know about computer security.
Such audits can be useful for everything from checking over government computers to auditing the manufacturing process for credit cards and associated systems. Security accreditation may also include training and certifying personnel who work with confidential and sensitive information. Hospital employees, for example, need confidentiality training to protect patient privacy. A hospital may need accreditation to qualify for certain insurance products like malpractice coverage or to work with specific insurance providers who offer coverage to patients.
The process of obtaining security accreditation can be time consuming and costly. The clear benefit is the ability to access more customers and benefits, which can pay for the cost of obtaining and maintaining the security accreditation. If companies have difficulty with the cost, they may be able to receive financial assistance if they can document a need and show how they will use their accreditation. Public grants, for instance, are available for institutions like hospitals and schools that need to upgrade their security measures.
