Certification Scope and Coverage
28.2.1. Applicable Targets
TQS certification applies to all technical assets developed, operated, and deployed within TIENIPIA. The applicable certification categories and verification items vary depending on the type and scale of the project.
28.2.1.1. Applicable Targets by Project Type
The applicable targets for TQS certification are classified as follows.
| Project Type | Description | Applicable Category | Examples |
|---|---|---|---|
| Enterprise Applications | Applications provided internally or to clients | TQS-S/W | Flowin groupware, project management tools |
| Backend Services | REST APIs, microservices, batch processing services | TQS-S/W | Authentication service, notification service, billing service |
| Internal Libraries | Shared internal modules, utility libraries | TQS-S/W | Secure document generation module, common logging library |
| API Services | External integration APIs, public APIs | TQS-S/W | Partner integration API, data query API |
| Internal Tools | Development productivity tools, administration tools | TQS-S/W | Deployment automation tools, monitoring dashboard |
| Servers and Network Equipment | Physical/virtual servers connected to the internal network | TQS-H/W | Internal servers, network switches, firewall equipment |
| Infrastructure Environments | IDC, cloud, streaming architecture | TQS-Infra | Production clusters, CDN configuration, storage environments |
28.2.1.2. Application Criteria
Not all projects are subject to the same level of certification. Application criteria are determined based on the project's criticality and scope of impact.
- Mandatory targets: All projects deployed to the production environment must obtain TQS certification.
- Recommended targets: Internal tools deployed up to the staging environment should obtain TQS certification.
- Optional targets: Utility scripts used only in local development environments may optionally apply TQS certification.
Operating a project deployed to production without TQS certification is not permitted. New projects must obtain certification before their initial production deployment, and existing projects must complete certification within the grace period.
28.2.2. Certification Unit
TQS certification is issued on a project name + version basis. Even for the same project, different versions are managed as separate certifications. This enables precise tracking of the quality status for a specific version.
28.2.2.1. Certification Identification System
The following information is specified on the certificate.
| Item | Description | Example |
|---|---|---|
| Project Name | Official project name | Flowin Groupware |
| Version | Version based on Semantic Versioning | v2.1.0 |
| Category | TQS certification category | TQS-S/W |
| Grade | Certification grade | Advanced Certification |
| Issue Date | Certification issue date | 2026-03-01 |
| Validity Period | Until the next major version release | Expires upon v3.0.0 release |
| Certification Number | Unique certification identifier | TQS-SW-2026-001 |
28.2.2.2. Version Criteria
The validity scope of certification follows the Semantic Versioning scheme.
- Major version change (v1.x.x -> v2.x.x): A full re-audit is required. The existing certification expires.
- Minor version change (v2.1.x -> v2.2.x): The existing certification is maintained without re-audit. However, CI/CD pipeline passage must be confirmed.
- Patch version change (v2.1.1 -> v2.1.2): The existing certification is maintained without re-audit. Only CI passage is confirmed.
28.2.2.3. Multi-Module Projects
When a project consists of multiple modules, the certification unit handling is as follows.
- Monorepo: The entire project is treated as a single certification unit. All modules must meet TQS criteria.
- Polyrepo: Each repository is treated as an individual certification unit. Certification is applied for independently per repository.
- Shared Libraries: Shared libraries used by multiple projects are managed as independent certification units. When a shared library obtains certification, related items may be exempted during the audit of projects that use that library.
Even when only some modules have changed in a multi-module project, if the certification unit is the entire project, the audit is conducted on a project-wide basis. However, for modules that have not changed, a simplified audit referencing previous audit results may be applied.
28.2.3. Partial and Full Certification
TQS certification supports both single-category certification (partial certification) and multi-category certification (full certification). The appropriate certification scope may be selected based on the nature of the project.
28.2.3.1. Partial Certification
Partial certification is a method of certifying only one category independently among TQS-S/W, TQS-H/W, and TQS-Infra.
- Projects that develop only software may apply for standalone TQS-S/W certification.
- Projects that handle only infrastructure deployment may apply for standalone TQS-Infra certification.
- Projects that obtain partial certification may only use the TQS Mark for the corresponding category.
Partial certification is suitable when the project's technical scope is limited to a specific category. Most projects begin with TQS-S/W partial certification.
28.2.3.2. Full Certification
Full certification is a method of certifying all three categories: TQS-S/W, TQS-H/W, and TQS-Infra.
- It applies to comprehensive projects that include software, hardware, and infrastructure.
- Obtaining full certification grants the right to use the
TQS Full Certifiedmark. - Full certification audits for each category may be conducted sequentially or in parallel.
For full certification, all mandatory items across every category must be 100% satisfied. If even one category falls below the standard, full certification will not be issued, and partial certification will be issued only for the categories that meet the criteria.
28.2.3.3. Certification Extension
Projects with partial certification may additionally obtain certification in other categories to extend to full certification.
- The existing partial certification must be within its validity period.
- Only the additional category undergoes a separate audit.
- Once certification for all categories is complete, full certification is consolidated and issued.
28.2.4. Excluded Targets
The following projects or deliverables are excluded from TQS certification. However, even for excluded targets, managing quality by referencing TQS standards is recommended.
28.2.4.1. Exclusion List
| Excluded Target | Reason | Remarks |
|---|---|---|
| PoC (Proof of Concept) | Temporary project for technology validation | Certification required upon transition to formal project |
| Prototype | Deliverable for initial concept validation | Certification required upon transition to production |
| External Vendor Solutions | Not internally developed by TIENIPIA | Customized portions are subject to certification |
| Legacy Systems | Existing older systems in operation | Certification required upon migration |
| One-time Scripts | One-time tasks such as data migration | Converts to certification target upon repeated use |
| Training/Educational Projects | Sample projects for internal training purposes | Cannot be deployed to production |
28.2.4.2. Transition of Excluded Targets
Projects classified as excluded targets are transitioned to certification targets when the following conditions apply.
- PoC/Prototype: When promoted to a formal project with a production deployment decision, TQS certification must be obtained before deployment.
- External Vendor Solutions: When custom code is added internally, TQS-S/W certification must be applied to the customized portions.
- Legacy Systems: When migration is undertaken, the migration deliverables are subject to TQS certification. Certification must be obtained within 6 months of migration completion.
- One-time Scripts: When the same script is used 3 or more times repeatedly or reused in other projects, it is transitioned to a certification target.
28.2.4.3. Excluded Target Management
Excluded projects must also be registered in the internal project management system with the exclusion reason clearly stated. The TQS Committee reviews the exclusion list quarterly to identify projects that should be transitioned to certification targets. Projects whose exclusion reasons have ceased are immediately reclassified as certification targets.