CSIO Certification – Frequently Asked Questions

 


Q: What is CSIO Certification?

A: CSIO Certification is a national process to certify trusted, standards-based applications for a variety of insurance information technology applications.

 

Q: What are the objectives of CSIO Certification?

A:

  • Provide a national program to reduce the cost and risk to vendors and purchasers of insurance information technology applications in Canada
  • Promote the use of trusted, interoperable insurance information technology applications in the Canadian marketplace
  • Ensure standards-based applications are uniformly implemented across the country

 

Q: How can I assess my application’s ability to meet CSIO’s certification criteria before formally committing to the application process?

A: All of the assessment criteria against which your application will be assessed are available for review prior to making any certification commitments. Furthermore, CSIO will provide guidance to help you understand the assessment criteria and respond to any of your questions.

CSIO wants you to be successful and encourages you to submit the application package once you are confident that your application complies with all of the stated criteria. Please keep in mind that 100 per cent compliance is required for certification.

 

Q: For which standard categories does CSIO offer certification?

A: Currently, CSIO offers certification for:

Business Area Eligible Members
eDocs - personal lines Insurers, Vendors
eDelivery Brokers, Insurers, Vendors

 

Q: What are the criteria against which applications are assessed?

A: The standards used in the CSIO Certification include:

  • Interoperability: CSIO pan-Canadian Standards
  • Management: Selected criteria from the Information Systems Audit and Control Association’s Control Objectives for Information and Related Technology (COBIT)

 

Q: How does the certification process work?

A: A vendor or insurer wishing to certify their application shall self-assess and provide evidence indicating compliance with the assessment criteria. Evidence is provided through attestations, supporting documentation and demonstration of the application. Certification is a four-step process: Request, Review, Certify, and Maintain. The review process extends over a 60-day period once CSIO receives a completed application package.

 

Q: What do I have to submit and demonstrate to gain CSIO Certification?

A: For certification, the review consists of two parts:

  • Document Review: an expert review of your self-assessment, attestation and supporting documentation
  • Demonstration: scripted test scenarios (and test data) the applicant must follow in demonstrating their application to the assessment team in a non-production environment, typically via web conference

 

Q: Are there fees for certification?

A: The certification program is available to all members as part of their membership fee.

 

Q: Does CSIO publish the names of vendors or insurers that are going through the certification process?

A: Vendors and insurers undergoing certification are strictly confidential. Names of applications and/or vendors are not published or otherwise made available by CSIO at any time during the process. Safeguards have been put into place around the use and disclosure of all information submitted through the certification process. The CSIO assessment team is bound by strict non-disclosure agreements. CSIO only publishes the names of applications that have been successfully certified.

 

Q: What happens if my application does not meet CSIO Certification?

A: If CSIO does not certify your application, you are entitled to have CSIO explain the decision and a formal review will be initiated.

 

Q: How do I market my certified application?

A: All certified applications will receive a CSIO Certification logo. The certification logo can be used in marketing and promotional material related to the certified application. In addition, the application name and certification details are posted on CSIO’s website. Upon certification, you will receive the CSIO Certification Mark as well as the CSIO Certification Mark Styling Guide, which includes rules regarding Mark usage.

The CSIO Certification Mark Styling Guide is also available upon request. The guide contains important information, such as:

  • CSIO Certification Mark design principles
  • CSIO Certification Mark usage guidelines
  • Colour Scheme information
  • Typography information
  • Copywriting style guidelines, e.g., CSIO Certification rather than CSIO certification

 

Q: What is the term for CSIO Certification?

A: Application certification is valid for a period of one (1) year from the applicable certification date.

For each subsequent recertification, the certification period will be for a 12-month period, starting on the applicable certification date. Upon receipt of an application, your certification may be extended for two additional one-year terms.

If the application has been materially modified, enhanced or updated since the previous assessment, CSIO may require that the new version undergo a reassessment.

 

Q: What is involved in maintaining my insurance information technology applications certification?

A: To maintain your certification, you are required to notify CSIO of adverse events as well as any application changes that may affect compliance against assessment criteria.

 

Q: Where can I find information on applications that have been certified by CSIO?

A: Certified Solutions are listed on the CSIO website upon successful completion of the certification process.

 

Q: Where can I find further information on certification?

A: Review the CSIO Certification Process page for a high-level overview of the certification process. Upon submitting your application, you will receive the CSIO Certification Guide, which provides more detailed information. In addition, you may submit certification-related queries to certification@csio.com.