Blogs

5015: Certified Software vs. Certified State

By Alex Holcombe posted 10-29-2010 14:04

  

We work with a lot of organizations that are evaluating their records management options and one requirement is often that they need 5015.  The DoD 5015.2-STD certification is the de facto standard used by many public and private sector organizations use to evaluate records management applications.  This standard defines the functional requirements and features needed for to obtain the certification.  However, what it means to “need 5015” varies greatly and can cause a lot of confusion, but in general it can be broken down 2 different ways:  you need to run in a certified state, or you need a solution that contains products that have been certified.

If you need to run in a certified state, the implication is that your system needs to meet all of the requirements defined in the standard.  In other words, if the JITC testers showed up on your front door, in 5-10 days they would go through your system and give you a thumbs up.  This is certainly valid for some organizations for which the standard is mandated, but often overlooked is that fact that running in a certified stated means not only having a system that provides the defined functionality, but also having the required business process and procedures in place.  The first part is relatively easy; it’s just software and software can be made to do whatever you want.  Implementing the proper processes and procedures, though, can be a major change for an organization that doesn’t already have processes in place which closely follow the standard.  The point being, if you’re mandated or just want to run in a certified state, having software that has passed the certification is not enough.  Your system needs to be setup and configured properly and you must be following the proper processes and procedures.

Because it’s often used as a measuring stick, many organizations want software that has successfully passed the certification even though they don’t intend to run in a certified state.  From a requirements perspective this is a check in the box.  Frequently, when you take a closer look at the requirements there may be few that require or align with the standard, or, because of its complexity and process, parts of the standard may get in the way of how the organization wants to manage their records.  Additionally, and it’s a common misconception, software that has been certified doesn’t provide any guarantee of robustness, scalability, or security.  All of these are dependent on how a solution is set up, configured, and used.

With regards to SharePoint, quite a bit of the functionality defined in the current version of the standard is available out of the box in SharePoint 2010.  However, it does not, by itself, meet the standard or is certified.  If you need to run in a certified state or want all of the functionality defined in the standard you have to either include a 3rd party product or create the customizations necessary to fill in the gaps.  If you just need a check in the box, even though SharePoint isn’t certified by itself, it’s a worthwhile effort to compare your requirements with what SharePoint provides out of the box, with 3rd party products, and with customizations.



#SharePoint
0 comments
11 views

Permalink