This is the next step in the TI Team Maturity model. Certification is meant for those TI Accredited teams who have internal and/or external reasons to have their maturity level gauged in an independent way.

A candidate for TI Certification is already a TI Accredited team in good standing - i.e. fulfilling their accreditation obligations for at least eight months and not being under special review by the TF-CSIRT Steering Committee - and will have attended at least one of the TI Meetings, which are co-located with the TF-CSIRT Meetings three times a year. The first certification fee is higher than the annual fee charged for the second and third year. The costs are also higher for teams outside Europe, the Middle East and Mediterranean Africa. This is to cover the costs of the initial full-day workshop that is a mandatory part of the process:

  • for teams within Europe, Middle East and Mediterranean Africa:
    • first year certification: EUR 1800 (VAT might apply)
    • first year re-certification, second and third year re-/certification: EUR 800 (VAT might apply)
  • for teams from other geographic areas:
    • first year certification: EUR 3000 (VAT might apply)
    • first year re-certification: EUR 2400 (VAT might apply)
    • second and third year re-/certification: EUR 800 (VAT might apply)

The gauge used is the SIM3 Model, which stands for Security Incident Management Maturity Model. SIM3 describes 45 parameters, divided over four categories:

  1. Organisation
  2. Human
  3. Tools
  4. Processes

Scoring for each category is on five levels, ranging from "0", which means it is not available, to "4", which means that the parameter is not only described - as on level "2" - and rubber-stamped - as on level "3" - but also part of an internal or external audit process. The actual certification gauging involves required specific and distinct minimum levels for each of the parameters.

When the certification succeeds, the team can show this to their constituents, to their funding bodies, to other parties or teams they want to cooperate with. The certified teams are and stay part of the community of TI Accredited teams - the certification is in fact extra branding, useful for all sorts of purposes in the team's future.

The TI Certification can take from three to twelve months, depending on the amount of work the team needs to do to meet the requirements, and depending on the priority attached to that improvement process. To date (May 2017), twenty teams have been certified; some of them have already been re-certified after the initial three-year period, four more are currently in the process of re-certification, and another five accredited teams are currently certification candidates.

Related Materials

Useful materials for this process are:

  • SIM3 - Security Incident Management Maturity Model: This Model was developed in support of measuring the maturity of a security or incident response team in terms of four areas: organisation, human issues, tools and processes. It is used in support of the TI Certification framework.