Guide to the NSI Certification and Verification Program

Issue 1.1.4 - January 25, 2010


Table of Contents

1. Introduction

1.1 Referenced Specifications
1.2 Summary of Web References

2. How to Achieve NSI Certification or Verification

2.1 Understanding the Certification and Verification Program
2.1.1 The NSI Certification/Verification Policy and Policy Supplements
2.1.2 The NSI Conformance Requirements Documents
2.2 Confidentiality
2.3 Preparing for Certification or Verification
2.4  Certification/Verification
2.5 The NASPL Certification/Verification Trademark License Agreement (TMLA)
2.6 The NSI Certification/Verification Agreement

3.  Organization-level Certification/Verification Steps

3.1  Registering your Organization within the Web-Based Certification/Verification System
3.1.1 Organizational Contacts
3.1.2 Organization Home Page
3.2 Completing the Trademark License Agreement
3.3 Maintaining Up-to-Date Contact Information

4. Certification/Verification Against a Best Practice or Technical Standard

4.1 Registration, Submission of Certification/Verification Information, and Validation Process
4.1.1 Payment
4.2 Completion of Certification/Verification

5. Renewals Process

6.  Certified/Verified Entity Modifications and Updates

7. Supporting Processes

7.1 The Appeals Process

8.  Certification/Verification Steps

Appendix A: Using the Editing Tool


1. Introduction

This document is a guide for organizations who want to certify or verify business practices and/or technologies in the North American Association of State and Provincial Lotteries (NASPL) Standards Initiative Certification and Verification Program. It will guide you through all the steps required for certification or verification.

NASPL Standards Initiative (NSI) certification/verification is awarded to those business practices and technologies that have been certified or verified by the NSI Certification and Verification Authority as having demonstrated their conformance to the applicable conformance requirements. The detailed requirements for conformance are identified in the various NSI Conformance Requirements documents. Only organizations with a certified or verified business practice or technology (a "Certified/Verified Entity") may use the NASPL certification/verification trademark in connection with their business practice or technology.

The NSI Certification/Verification Policy and the Policy Supplements (collectively, the "Certification/Verification Policy") govern the NSI Certification and Verification Program. The Trademark License Agreements govern the use of the applicable NASPL Certification/Verification Logo. The NSI Certification/Verification Agreement covers the terms and conditions of the certification/verification service, along with the obligations of the organization certifying or verifying a business practice or technology. Your organization must agree to the terms and conditions outlined in the Certification/Verification Policy and both legal agreements prior to certification/verification. For your convenience, significant highlights of the NSI certification/verificationprocess are outlined below, and later sections provide more comprehensive information.

  1. The Open Group (the "Certification and Verification Authority") administers the NSI Certification and Verification Program on behalf of NASPL as its designated Certification and Verification Authority.

  2. Your organization will be granted a license to use the NASPL Certification/Verification Logo in connection with your business practice or technology when your business practice or technology meets all the requirements for certification or verification as defined in the Certification/Verification Policy and your organization has formally agreed to all the required terms.

  3. The applicable NASPL Trademark License Agreement must be fully signed (signatures are required from both you and NASPL) in order to have a business practice or technology certified or verified.

  4. A Certified/Verified Entity is subject to re-certification or re-verification on a periodic basis as stated in the Certification/Verification Policy.

  5. All business practice and technology specific information supplied to the Certification and Verification Authority will be treated as confidential, as required by the NSI Certification/Verification Agreement.

  6. The NSI Certification and Verification Authority may, from time to time, request proof that your business practice or technology remains in compliance with the requirements outlined in the NSI Conformance Requirements, as required by the Certification/Verification Policy.

At the end of this document is a list of certification/verification steps to help you make sure that your business practice or technology registration is complete.

Note: In the event of any conflicts, this guide defers to the NSI Certification/Verification Policy and Policy Supplements, the applicable NASPL Trademark License Agreement, and the NSI Certification/Verification Agreement.

1.1 Referenced Specifications

The specifications currently referenced for the NSI Certification and Verification Program are:

These are referenced by the NSI Conformance Requirements documents and are located at http://www.opengroup.org/naspl/published.

You should be familiar with the appropriate Best Practice and Technical Standard specifications prior to commencing certification or verification.

1.2 Summary of Web References

A summary of the external web references is given below:

http://www.opengroup.org/naspl/conformance The starting point for NSI Certification or Verification
http://www.opengroup.org/naspl/conformance/docs/policies.html The NSI Certification/Verification Policy and Policy Supplements
http://www.opengroup.org/naspl/published The NSI Best Practices and Technical Standards
http://www.opengroup.org/naspl/conformance/docs/guides.html The Guide to NSI Certification/Verification and Guide Supplements
http://www.opengroup.org/naspl/conformance/cert/register.html The NSI Certification Register
http://www.opengroup.org/naspl/conformance/verify/register.html The NSI Verification Register
http://www.opengroup.org/naspl/conformance/docs/conformance_rqmts.html The current set of Conformance Requirements documents
http://www.opengroup.org/naspl/conformance/docs/csqs.html The Conformance Statement Questionnaires and Checklists
http://www.opengroup.org/naspl/conformance/docs/validation_docs.html Documents used in the Validation Process
http://www.opengroup.org/naspl/conformance/docs/NSI_Cert_Verify_Agrmt.pdf The NSI Certification/Verification Agreement
http://www.opengroup.org/naspl/conformance/docs/NSI_Certification_TMLA.pdf The NASPL Certification Trademark License Agreement
http://www.opengroup.org/naspl/conformance/docs/NSI_Verification_TMLA.pdf The NASPL Verification Trademark License Agreement
http://www.opengroup.org/naspl/conformance/PR The Problem Reporting and Interpretations System
http://www.opengroup.org/naspl/conformance/docs/NSI_FAQ.html The Frequently Asked Questions File

2. How to Achieve NSI Certification or Verification

This guide details the steps you are required to take to achieve certification or verification, and provides information on how to perform each of these steps.

The process involves:

2.1 Understanding the Certification and Verification Program

To become familiar with the program, you should read the following program documents:

2.1.1 The NSI Certification/Verification Policy and Policy Supplements

It is best to start with the NSI Certification/Verification Policy and the applicable Policy Supplements. These policy documents are the foundation of the program. They provide information on what can be certified or verified in the program, what it means to be certified/verified, what is required to get certified/verified, and how to make sure that a business practice or technology remains certified/verified.

2.1.2 The NSI Conformance Requirements Documents

The applicable NSI Conformance Requirements documents should then be read to understand the detailed conformance requirements against which a business practice or technology may be certified/verified. The NSI Conformance Requirements documents provide a mapping between a business practice or technology and the NSI Best Practices and Technical Standards. There is an NSI Conformance Requirements document for each entity that can be certified or verified in the program.

The current Conformance Requirements documents against which vendors, manufacturers, or retailers may certify entities are:

The current Conformance Requirements documents against which lotteries may verify entities are:

You should review Section 3, "Conformance", of the Certification/Verification Policy along with the NSI Conformance Requirements documents to identify those areas against which you would like to have your business practice or technology certified or verified.

2.2 Confidentiality

Your organization and business practice or technology information is absolutely confidential between you and the NSI Certification and Verification Authority. This is effective once you accept the NSI Certification/Verification Agreement, which is a prerequisite to registering for certification or verification. The Certification and Verification Authority does not make any certification or verification information available to any third party without the written permission of the organization.

Upon successful completion of the certification or verification process, the Certified/Verified Entity will be included in the publicly available Register. Your organization may request that this information be kept confidential for up to 6 months from the date of written notification by the Certification and Verification Authority that your business practice or technology has achieved certification or verification. This request for confidentiality must be made at the time your business practice or technology is registered within the web-based certification/verification system.

See Section 12 of the NSI Certification/Verification Policy for further information on the confidentiality policy related to certification/verification.

2.3 Preparing for Certification or Verification

You should read the Conformance Requirements documents applicable to the business practice or technology you are considering certifying or verifying to ensure you understand the requirements for certification/verification. Your organization should use whatever methods you deem appropriate to make sure that your business practice or technology meets the applicable conformance requirements and is ready for entry into the Certification and Verification Program.

Specific preparation steps for certification/verification against a particular Best Practice or Technical Standard can be found in the appropriate Guide Supplement.

2.4 Certification/Verification

Certification/verification is a formal process. Your organization must warrant and represent that your business practice or technology meets all the conformance requirements applicable to the NSI Conformance Requirements document against which it is to be certified or verified.

The obligations, terms, and conditions of certification/verification are fully set out in the following documents:

It is necessary to read these documents before you start the process in order to fully understand the policies and requirements.

To achieve certification or verification, your organization must complete both the organization-level steps described below as well as the steps specific to certification/verification against a particular Best Practice or Technical Standard, as described in the appropriate Guide Supplement.

2.5 The NASPL Certification/Verification Trademark License Agreement (TMLA)

The NASPL Certification/Verification Trademark License Agreement is between you and NASPL and requires signature by each party. The TMLA defines the terms under which you will license the NASPL Certification/Verification Logo for use in connection with your Certified/Verified Entities.

It is recommended that you commence the process to complete the applicable NASPL Trademark License Agreement as soon as possible to save delays later on. A Trademark License Agreement must be signed by both you and NASPL before a business practice or technology can be certified or verified and entered onto the Register.

The Trademark License Agreement only needs to be entered into once per organization. Once it is in place multiple business practices and/or technologies can be certified or verified, without the need to execute another agreement with NASPL.

2.6 The NSI Certification/Verification Agreement

You are required to agree to the NSI Certification/Verification Agreement for each business practice or technology registration.

The NSI Certification/Verification Agreement is between you and the Certification and Verification Authority. It defines the service provided by the Certification and Verification Authority and the legal commitment by your organization to the conditions of the Certification and Verification Program. This is also where your organization warrants conformance of your business practice or technology to the relevant Conformance Requirements document.

Note: The NSI Certification/Verification Agreement is a web-based agreement. When you click the "I accept" button you are indicating that you accept the terms and conditions.


3. Organization-level Certification/Verification Steps

The first two steps below need to be performed once per organization. They are the first steps to be performed when an organization wishes to certify or verify its first business practice or technology. Thereafter, an organization must ensure that contact information is maintained such that it is up-to-date.

3.1 Registering your Organization within the Web-Based Certification/Verification System

The NSI Certification and Verification Authority provides a web-based certification/verification system through which business practices and technologies can be submitted for certification or verification. The entry point is at http://www.opengroup.org/naspl/conformance.

In order to use the system, you will need to obtain an account on the Certification and Verification Authority's web server, complete an Organization Registration Form to identify your organization and contact information, and accept the terms and conditions of the NSI Certification and Verification Program. The Certification and Verification Authority must approve your organization registration before your organization account becomes activated. Access to the system will only be granted to your organization's designated contacts, after your organization account has been activated.

If this is not your organization's first business practice or technology registration, you should first ensure that you have permission to register a business practice or technology (i.e., you are either a Key or Technical contact for your organization - see Section 3.1.1, Organizational Contacts, for further information). If you do not have permission, then you should inquire within your organization to determine who the Key Contacts are and ask them to add you as a Technical Contact so you may register a business practice or technology for certification or verification. If you are unable to determine who your organization's Key Contacts are, you may contact the Certification and Verification Authority requesting such information. If you do have permission, then skip to the appropriate section below in order to register your business practice or technology against a specific set of Conformance Requirements.

Please take the following steps to register your organization and its contacts:

  1. Select "Enter", then "Proceed to Secure Website" to enter the secure web server.

  2. You will need a username and password on The Open Group's web server for identification purposes. If you don't yet have an account, you may obtain one from the NSI certification/verification website by selecting "New User" to create your username and password. Once you have received a confirmation email indicating that you are a registered user, you may return to the system and proceed with the next step.

  3. Select "New Organization Account". If you just registered yourself as a new user, you may need to repeat step 1 above in order to see this option. You will be prompted for your username and password if you haven't already provided it. You then need to specify the name of your organization and indicate your acceptance of the terms and conditions of the program to gain entry into the system.

  4. To register your organization, you need to provide information about your organization and specify the name and contact information for the following contacts:

  5. The system will then send electronic mail to your designated Authorized Signatory, who must respond by electronic mail to the Certification and Verification Authority to acknowledge and authorize your organization's registration. The Certification and Verification Authority will review the response and, if the requirements are met, accept your organization for entry into the system.

When the above steps are complete and the Certification and Verification Authority has responded to your designated Authorized Signatory with notification that your organization's registration has been accepted, the Authorized Signatory, Primary Certification/Verification Contact, Alternate Certification/Verification Contact, and any Technical Contacts will be given access to your organization's home page within the system. Each of these contacts will receive confirmation by electronic mail that your organization account has been activated.

If any of these individuals did not previously have a login on The Open Group's web server, the system will have a username and password created and sent to these users via email. The system will also send an alert email to each such individual notifying them that they have been registered on the system, indicating the name of the person who performed registration and indicating that they will be receiving an email with a username and password that may be used to login to the organization's account on the system.

At this point, your Authorized Signatory, Primary Certification/Verification Contact, Alternate Certification/Verification Contact, and any Technical Contacts will be able to progress to the next stage, which is accessing the system to commence registration of your business practice or technology.

3.1.1 Organizational Contacts

When specifying contacts for your organization, it is important to understand that the different contacts have different roles, capabilities, and responsibilities within the NSI web-based certification/verification system. A given individual may be specified for more than one of the contact fields, and thus will take on more than one role within the system. Only individuals who are designated as one of the contacts for your organization will have access to your organization's information within the system, and only to the extent provided by the role to which they are assigned.

Key Contacts

The specified Authorized Signatory, Primary Certification/Verification Contact, and Alternate Certification/Verification Contact are considered "Key Contacts" within the system. Key Contacts have the ability to access and/or modify any of the information on the organization and its business practices or technologies that are registered for certification or verification. Key contacts are able to register business practices or technologies for certification or verification or name the individuals who may perform such registrations, via specifying these individuals as Technical Contacts. Key Contacts have the ability to add, modify, or delete information on the Technical Contacts list, or change the named Technical Contacts on individual registrations.

Technical Contacts

Technical Contacts may be specified during the initial registration of your organization or, after your organization account has been activated, the Key Contacts may specify or update the Technical Contacts list at any time.

Technical Contacts, along with Key Contacts, are authorized to register business practices and technologies within the system. However, unlike Key Contacts, Technical Contacts will only have the ability to manage (i.e., register and modify information on) those business practices or technologies for which they are a named Primary Technical Contact or Alternate Technical Contact. Technical Contacts will be able to view organization-level information and information on other business practice or technology registrations submitted by others, though they won't be able to modify such information.

Via the use of Technical Contacts, an organization may specify individuals who are responsible for a particular certification or verification or set of certifications or verifications for the organization.

Finance and Marketing Contacts

Finance and Marketing Contacts, at both the organizational level and the business practice registration or technology registration level, are not provided with access to the system. These contacts are provided for informational purposes for the Certification and Verification Authority to use to address any financial (payment, invoicing, etc.) issues and marketing issues or announcements.

3.1.2 Organization Home Page

Once your organization account has been activated, your organization will have an organization home page within the web-based certification/verification system. This is available to all of your organization's registered contacts when they login (except Finance and Marketing Contacts) and is the starting point for all certification/verification activities for your organization.

From there, you can:

3.2 Completing the Trademark License Agreement

A requirement of certification/verification is that you must execute a Trademark License Agreement ("TMLA") with NASPL.

Although a completed Trademark License Agreement is not required before you commence with organization and business practice or technology registration, we recommend that you submit your signed Trademark License Agreement to NASPL as early as possible in the process. You should download the applicable TMLA from the link provided within the web-based certification/verification system and follow the instructions on the signature page of the TMLA for submitting it to NASPL. Once you have submitted it to NASPL, you should enter the date of submittal into the system (at the bottom of your organization home page). This will enable the Certification and Verification Authority to follow-up with NASPL to ensure that they countersign the TMLA.

3.3 Maintaining Up-to-Date Contact Information

Each organization is responsible for ensuring that the contact information associated with their account is current. This includes both the organization-level contact information and the contact information specific to each business practice or technology registration. Current contact information means that the correct people are identified as contacts for the various roles within the web-based certification/verification system, and that their contact details are correct.

Any organization or business practice or technology specific contact who has the ability to log in to the system will be provided with access to their individual contact information to update (e.g., address, phone number).

To change a user's name or email address, information for Finance or Marketing Contacts, or to specify a different individual as the contact, please send a request to the Certification and Verification Authority via email at naspl-cv-auth@opengroup.org.


4. Certification or Verification Against a Best Practice or Technical Standard

Prior to registering your business practice, please ensure that:

4.1 Registration, Submission of Certification/Verification Information, and Validation Process

The next steps in the certification/verification process are to:

Specific instructions for performing these steps can be found in the appropriate Guide Supplement. In addition, please see Appendix A, Using the Editing Tool, for information on using the editing tool to create, edit, and submit your Conformance Statement.

4.1.1 Payment

Payment is required to complete registration of your business practice or technology. Payment may be made by credit card, electronic payment or check. At the conclusion of the registration process you may select your desired payment method in the web-based certification/verification system. For further information on these payment options, see http://www.opengroup.org/payment/.

If you wish to pay by credit card, please complete the requested information regarding the credit card account you would like to use. A receipt for the payment will be sent to the cardholder.

If payment is to be made via electronic payment or check, you should commence this process as soon as the registration is complete. Please contact the Certification and Verification Authority via naspl-cv-auth@opengroup.org to arrange payment. When the Certification and Verification Authority receives your payment, they will send a receipt to your Finance Contact, indicating that payment has been received. This receipt contains all the same information as is typically provided in an invoice.

If you require an invoice to be sent prior to your organization making payment, please indicate such on the registration page and specify the contact to which the invoice should be sent. By default, invoices are sent to the Finance Contact, but you may select a different contact if desired, and you will be required to confirm the billing address for the specified contact. The Primary Technical Contact will also receive a copy of the invoice.

If payment is made by a method other than credit card, the system will automatically place a payment "hold" on the registration. This hold will not be released until either payment is received or the Certification and Verication Authority's Finance department explicitly authorizes release of the hold prior to receipt of payment.

While your registration is on hold, you will still be able to upload the Conformance Statement and other Indicators of Conformance. However, the Certification and Verification Authority will not review these documents or perform any other processing of the registration until the hold has been released.

See http://www.opengroup.org/naspl/cert/docs/fee_schedules.html for the applicable fee schedules. For payment procedures that are specific to a particular certification or verification, see the appropriate Guide Supplement.

4.2 Completion of Certification/Verification

Once your submission is complete and a NASPL Trademark License Agreement is in place, you will be notified of successful certification or verification within 10 business days. If for any reason the submission was not complete, you will be notified so that any corrections can be made and resubmitted. Such a resubmission needs to be done within 60 calendar days unless an extension has been granted by the Certification and Verification Authority. The initial certification/verification fee covers one set of corrective actions.

Once you have been notified of a successful certification or verification, your business practice or technology will be put on the public Register, unless you requested that it remain confidential. To keep the certification/verification confidential, this option must be selected in the web-based certification/verification system at the time the business practice or technology registration is submitted. In this case, your business practice or technology will not be added to the Register until the earlier of your notification to the Certification and Verification Authority that you would like to end the confidential period, or the expiration of the confidential period, which occurs six months from notification of a successful certification or verification.

When a certification or verification has been made public, you will be sent a certificate by electronic mail.

You should note that certification/verification is valid for a defined period as stated in Section 9.1, "Duration of Certification/Verification", of the NSI Certification/Verification Policy document. At the end of that period, if you wish your Certified/Verified Entity to remain certified/verified you will need to renew your certification/verification as defined in Section 5, Renewals Process, below.


5. Renewals Process

When your business practice or technology is certified or verified, it remains so for a defined period, after which it must be renewed or else it will no longer continue to be certified/verified. The Certification and Verification Authority will notify you in advance by electronic mail when a renewal is due (so it is important to keep your organization's contact information up-to-date). At any time, you may use the web-based certification/verification system to obtain the renewal date for each of your Certified/Verified Entities.

Renewal implies that your Certified/Verified Entity continues to conform and, in the case of technologies, that you will continue to support your technology for the duration of the renewal period.

Renewal is performed using the web-based certification/verification system. You may access the renewals page from your organization's home page in the system. When you select the Certified/Verified Entity to be renewed, you will be presented with a web renewal form to complete.

Please see Section 9.2, "Renewal Process", of the NSI Certification/Verification Policy document for further information on the requirements and process for renewal. Specific steps for renewing a particular certification/verification can be found in the appropriate Guide Supplement.


6. Certified/Verified Entity Modifications and Updates

Any modifications to your Certified/Verified Entity must be made in accordance with the requirements defined in the Certification/Verification Policy. You should read the requirements in the policy documents thoroughly since they describe multiple scenarios related to business practice or technology changes. In some cases, the modification or update necessitates a new certification/verification, whereas, in other cases, you can update your existing certification/verification.

Updates to your Certified/Verified Entity's certification/verification are performed using the web-based certification/verification system. You may access the updates page from your organization's home page in the system. When you select the Certified/Verified Entity to be updated, you will be presented with a web form to be used to indicate to the Certification and Verification Authority the type of change.

Specific steps for maintaining certification or verification for a Certifieds/Verified Entity that has been modified can be found in the appropriate Guide Supplement.


7. Supporting Processes

7.1 The Appeals Process

You may appeal decisions made by NASPL, the NASPL Standards Initiative, or the Certification and Verification Authority as stated in Section 11, "Appeals Process", of the Certification/Verification Policy document. Any request for appeal should be sent by electronic mail to naspl-cv-auth@opengroup.org. The Certification and Verification Authority will acknowledge receipt of such a request within six business days and the appeals process will be invoked.


8. Certification/Verification Steps

The following list of certification/verification steps is provided to assist with completion of your business practice or technology registration:

Understanding the certification/verification program and process  
Have you read the NSI Certification/Verification Policy and Policy Supplements? YES / NO
Have you read the applicable NSI Conformance Requirements document(s)? YES / NO
Legal Agreements  
Have you read the applicable NASPL Trademark License Agreement? YES / NO
Have you read the NSI Certification/Verification Agreement? YES / NO
Have you passed the above agreements to your legal representative? YES / NO
Has the applicable NASPL Trademark License Agreement been completed and submitted to NASPL? YES / NO
In the NSI web-based certification/verification system, have you entered the date you submitted the Trademark License Agreement to NASPL for signature? YES / NO
Registering your organization  
Do you have an account (userid/password) to access The Open Group's web server? YES / NO
If this is your organization's first NSI certification or verification, have you entered information on your organization and your designated contacts? YES / NO
Has your Authorized Signatory received notice from the Certification and Verification Authority regarding your request to participate in the NSI Certification and Verification Program? YES / NO
Has your Authorized Signatory responded, denoting acceptance of the terms and conditions of participation? YES / NO
If this is your first NSI certification or verification, has your organization been accepted by the Certification and Verification Authority, and given notice to proceed? YES / NO
Registering a business practice or technology for certification or verification  
Have you entered the information required about the business practice or technology you wish to have certified or verified? YES / NO
Have you completed and submitted the Conformance Statement? YES / NO
Have you provided any remaining information? YES / NO
Have you completed the validation process (i.e., assessment, testing, or other specified validation method)? YES / NO

 

Appendix A: Using the Editing Tool

The document editing tool enables you to create or modify the selected document using a web-enabled form. You may edit your document in one sitting or start work on it, save your work, and come back at a later time to continue making edits. You may continue to modify your document up until the time you formally submit it to the Certification and Verification Authority (using the "Submit" button within the editor). Submission is required in order for the Certification and Verification Authority to review and accept your document, and ultimately enable your organization to progress to the next steps in the certification/verification process.

The following describes the various buttons within the editor.

Save

This enables you to save the values that you have entered during this editing session, or since your last save. Save may be used at any time. At the time your form is saved, any fields that have been completed will be validated for correctness and you will receive a message at the top of the page indicating whether there are any problems with the edits performed to date. The form will be saved even if there are problems. You will be required to fix them prior to submitting your document to the Certification and Verification Authority. After performing Save, you remain in the input/editing mode.

Reload

This enables you to reload the values from your last Save.

Clear

This will clear all values and enable you to start editing your form again from scratch. Note that this will clear any previously saved values.

Check

This enables you to validate your recent edits, but does not save them.

Submit

Once you have completed your form, this will enable you to submit it to the Certification and Verification Authority. This has the effect of saving your form and validating all fields. If there are any problems, you will be notified of such and required to fix them prior to submitting your form to the Certification and Verification Authority. Once you have submitted your form, you will not be able to make any further edits to it. Should you notice something wrong after submitting your form, you will need to contact the Certification and Verification Authority and ask that your form submission be cancelled so you can re-edit your form.

Return

This returns you to the place in the web-based certification/verification system that you were at prior to entering the editor.

 

© The Open Group 2001-2010
Updated on January 25, 2010