Certification Process Overview
TQS certification is conducted through a systematic and transparent 5-step process. This chapter defines the overall flow, estimated duration, role-based responsibilities, and audit types of the certification process.
31.1.1. Process Flowchart
The TQS certification process consists of the following 5 steps. Each step proceeds sequentially, and the previous step must be completed before proceeding to the next.
The key activities for each step are as follows.
| Step | Name | Responsible Party | Duration | Key Activities |
|---|---|---|---|---|
| 1 | Pre-Review | Project Team | 1-2 weeks | Self-assessment, gap analysis, remediation planning |
| 2 | Audit Request | Project Team | 1 day | Deliverable submission, receipt confirmation |
| 3 | Technical Audit | TQS Committee | 1-2 weeks | Automated verification, manual review, verdict |
| 4 | Certification Issuance | TQS Committee | Immediate | Certificate issuance, TQS Mark assignment |
| 5 | Post-Certification Management | Project Team + TQS Committee | Ongoing | Maintenance, renewal audit, monitoring |
31.1.2. Overall Duration
The overall duration of TQS certification varies depending on the project's level of specification compliance. The table below summarizes the estimated duration for each scenario.
| Scenario | Pre-Review | Audit Request | Technical Audit | Certification Issuance | Total |
|---|---|---|---|---|---|
| Shortest Path (No Remediation) | 1 week | 1 day | 1 week | Immediate | Approx. 3 weeks |
| Standard Path (Minor Remediation) | 2 weeks | 1 day | 1 week | Immediate | Approx. 4 weeks |
| Remediation Path (Conditional Pass) | 2 weeks | 1 day | 2 weeks + 2-week remediation | Immediate | Approx. 6 weeks |
The shortest path applies when all mandatory items are met at the pre-review stage before requesting the audit. Projects where the team is well-versed in TQS specifications and has applied them from the early stages of development may obtain certification via the shortest path.
The remediation path applies when a conditional pass verdict is issued from the technical audit, requiring an additional remediation period. The remediation period is a maximum of 2 weeks, and a re-verification audit is conducted after remediation is complete to issue the final verdict.
If a project receives a fail verdict, remediation must be completed and the process must restart from Step 1 (Pre-Review). In this case, the overall duration may exceed 6 weeks.
31.1.3. Role-Based Responsibilities
The roles participating in the TQS certification process and their responsibilities for each activity are defined using a RACI matrix.
- R (Responsible): The role that directly performs the activity
- A (Accountable): The role that bears ultimate responsibility for the activity
- C (Consulted): The role that provides input on the activity
- I (Informed): The role that is notified of the activity's results
31.1.3.1. RACI Matrix
| Activity | Project Lead | Development Team | TQS Committee | External Advisor |
|---|---|---|---|---|
| Conduct pre-review | A | R | C | I |
| Prepare self-assessment checklist | A | R | I | --- |
| Gap analysis and remediation planning | A | R | C | C |
| Prepare deliverables | A | R | I | --- |
| Submit audit request | R/A | I | I | --- |
| Document receipt confirmation | I | --- | R/A | --- |
| Conduct automated verification | I | --- | R/A | --- |
| Manual code review | I | C | R/A | C |
| Audit verdict | I | I | R/A | C |
| Perform remediation actions | A | R | I | C |
| Issue certificate | I | I | R/A | --- |
| Assign TQS Mark | I | I | R/A | --- |
| Post-certification monitoring | A | R | R | --- |
| Request renewal audit | R/A | I | I | --- |
31.1.3.2. Role Definitions
The specific scope of responsibility for each role is as follows.
The Project Lead is the overall responsible person on the project side for the certification process. They manage the certification schedule, deliverable submissions, and remediation action implementation. The Project Lead serves as the primary communication channel with the TQS Committee throughout the entire certification process.
The Development Team performs the actual specification compliance work and deliverable preparation. They are responsible for practical tasks such as preparing self-assessment checklists, code remediation, achieving test coverage targets, and configuring CI/CD pipelines.
The TQS Committee is the body that ensures fairness and consistency of audits. It holds full authority over document receipt, automated verification, manual review, verdicts, and certificate issuance. A minimum of 2 committee members must participate in each audit.
External Advisors provide expert opinions on specific technical areas. Their participation is optional and may only be requested when the TQS Committee deems it necessary. External advisors do not hold voting rights on audit verdicts.
31.1.4. Audit Types
TQS certification audits are classified into 3 types based on purpose and scope. Each type differs in audit scope, duration, and required deliverables, so project teams must accurately identify the applicable audit type and prepare accordingly.
31.1.4.1. Initial Audit
The initial audit is performed for projects applying for TQS certification for the first time. It conducts a comprehensive verification of all checklist items.
| Item | Details |
|---|---|
| Target | Projects with no prior TQS certification history |
| Audit Scope | All checklist items (mandatory + recommended) |
| Duration | 1-2 weeks |
| Required Deliverables | Full deliverable set (see Chapter 31.3) |
| Audit Ratio | 60% automated verification + 40% manual review |
The initial audit is the most comprehensive audit type. It comprehensively verifies the project's entire technology stack, code quality, security, testing, and CI/CD. Upon passing the initial audit, the certification grade (Basic/Advanced/Premier) is determined simultaneously.
31.1.4.2. Renewal Audit
The renewal audit is performed to extend certification before the expiration of an existing certification's validity period. It focuses on verifying changes made since the previous audit.
| Item | Details |
|---|---|
| Target | Projects with upcoming certification expiration |
| Audit Scope | Changes + core items (security, test coverage) |
| Duration | 3-5 business days |
| Required Deliverables | Change specification + core deliverables |
| Audit Ratio | 70% automated verification + 30% manual review |
The renewal audit has a reduced scope compared to the initial audit. However, security items and test coverage must be verified in the renewal audit as well. The certification grade may be upgraded or downgraded during a renewal audit.
The renewal audit must be requested at least 2 weeks before the certification expiration date. If the renewal audit is not completed by the expiration date, the certification is suspended.
31.1.4.3. Change Audit
The change audit is performed when a significant change occurs in a project's technology stack or architecture during the certification validity period.
| Item | Details |
|---|---|
| Target | Certified projects with technology stack/architecture changes |
| Audit Scope | Limited to changed areas |
| Duration | 2-5 business days |
| Required Deliverables | Change specification + deliverables for the affected area |
| Audit Ratio | Determined based on scope of change |
Cases requiring a change audit include the following.
- Major version updates (e.g., v1.x to v2.x)
- Major technology stack changes (e.g., database change, framework change)
- Architecture structure changes (e.g., monolithic to microservices)
- Verification of response measures after a security incident
Depending on the change audit results, existing certification may be maintained, conditionally maintained, or revoked. If the scope of change impacts the entire system, the TQS Committee may request conversion to an initial audit.
31.1.4.4. Audit Type Comparison
| Category | Initial Audit | Renewal Audit | Change Audit |
|---|---|---|---|
| Audit Scope | Full | Changes + Core | Changed Areas |
| Duration | 1-2 weeks | 3-5 business days | 2-5 business days |
| Grade Determination | New determination | Maintain/Change | Maintain/Revoke |
| Manual Review Ratio | 40% | 30% | Variable |
| Application Requirement | None | 2 weeks before expiration | Upon change occurrence |