Security Quality Assurance Program (SQAP)

Software Quality Assurance  Program


The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various information security skills has launched a new initiative – Security Quality Assurance Program (SQAP), to recognize, validate, and ultimately increase the number of qualified security conscious programmers and/or employees (computer users) in your team.

The aim of this initiative is to generate skilled professionals across organizations globally and also to assess the quality of the existing professionals from a security standpoint. We wish to provide credible and fair assessment to the various teams across institutions. Being a part of this initiative will give your organization a competitive edge in terms of demonstrating security talent within your organizations compared to your peers. We believe, this will provide the much needed assurance required by your clients and stakeholders.



1 For Secure Computer Users:

Some facts about computer users by NORTON CYBER CRIME STUDY







All the above facts only prove that all level of computer users are vulnerable in protecting your information assets. EC-Council created this program to protect information of organizations from its weakest security link – ITS EMPLOYEES/COMPUTER USERS



2 For Secure Programmers:
Secure Programming is a section of Information Security that sets the base for the foundation of any secure software/application and if the program is not written adhering to secure practices then it may jeopardize the security of the entire organization. This may lead to a loss of critical data and revenues, potentially worth millions.

Some shocking results of a survey by Ponemon Institute on the State of Web Application Security revealed that:

  • 70% of security professionals surveyed do not believe their organizations allocate sufficient resources to secure and protect critical Web applications.
  • 34% of urgent vulnerabilities are not fixed
  • 38% believe it would take more than 20 hours of programmer time to fix a single vulnerability. This time period could be more than enough for an attacker to access data worth millions and create havoc.

In any organization the design phase is very critical because if a software is designed with bugs, tackling the bugs in the subsequent phases requires 3 elements crucial to any organization- manpower, time, and revenue.


All the above facts only prove that secure programming is a critical part of any software development project.


As part of this initiative, programmers and/or employees (or computer users) of your organization may take the exam prepared and funded by EC-Council to gauge their abilities to perform their task in security point.

This activity will not only validate the skills of those who pass the exam but also validate the potential gaps in your organization, will become evident, should your programmers and/or employees (or computer users) fail to pass the exam.

Should the vast majority of your team pass the exam, it will be a major opportunity for your organization to prove to the world that you are indeed part of world class employees that is security conscious.

It proves how meticulous your organization is, from a security quality process stand point, and this may put you way ahead of your competition by focusing more on your strengths and get rid of a problem named INFORMATION SECURITY.

Each participating institution will receive an exam report which will be strictly confidential. Successful individuals will receive online EC–Council certification. In the unlikely event that your team members fail the exam; we hope that this process will motivate you to train them in secure computer user program or secure software development program. All of the test results are confidential and no one will know, except you. The results will be strictly confidential.


Any institution with a minimum of 100 employees that have a dedicated programmers and/or employees (or computer users) for SQAP

If an institution has less than specified employees, they may still apply and EC-Council may approve the application at its own discretion.

Other terms and conditions apply.

Details of this terms and conditions can be found in the online application form under “How to apply?” section/ tab.











Upon receipt of a complete application, it may take up to 7 working days to process the application. Successful applicants will be notified via e-mail.

Application for Security Quality Assurance Program (SQAP) is open from December 1st, 2013 until May 31st, 2014

Remarks

  • For the year 2013/2014, EC-Council only offers the SQAP ECSP exam for .Net/JAVA programmers and SQAP CSCU for computer users as part of SQAP program. Other domains exam will be available when EC-Council launches them globally.

Quick notes on the application form

The online application form consist of
  • Applicant’s Details
    • The applicant is required to provide the corporates general information.
    • The applicant is required to nominate Single Point Of Contact (SPOC) information. EC-Council will contact the SPOC for matter related to SQAP. EC-Council will only share the exam report with SPOC.
    • The applicant is required to agree to the SQAP’s terms and conditions.
    • SPOC/Proctor(s) cannot participate in the SQAP scheme.
1 SQAP’s Terms and Conditions
  • A corporate client must have a minimum of 100 employees that have a dedicated programmers and/or employees (or computer users) for SQAP
  • A candidate is only entitled to receive 1 exam voucher. If a candidate fails the exam, re-take exam voucher will not be provided.
  • EC-Council will not provide any study materials for the preparation of the exam. The entire purpose of the exercise is to measure the knowledge of the candidate prior to any form of training from EC-Council and benchmark it against industry norms.
  • Reselling or transferring of the exam voucher is strictly prohibited.
  • Exam vouchers and proctor access are valid for 30 days.
  • EC-Council will not entertain any request for exchange/extend any exam voucher and/or proctor access.
  • EC-Council reserves the right to hold back candidate(s) result(s).
  • EC-Council reserves the right to amend the terms and condition above without prior notice.
  • Corporates that are apply for SQAP needs to allow EC-Council to publish the corporate logo in SQAP website. Corporate Logo will only be published once the application is approved.
  • EC-Council will not publish the SQAP report which will be shared with the corporate after examination
  • A corporate client must have the following:
    • High speed Internet access preferably T1 speed or higher.
    • Windows XP or higher PCs
    • Mozilla Firefox Browser latest version
    • Adobe Acrobat Reader latest version
    • Printer
2 Proctor’s Terms and Conditions
Proctor
  • The proctor MUST be present for all exams and throughout the duration of the exams.
  • The proctor to maintain a professional decorum typical of all high-stakes testing environments throughout the entire testing process (e.g., quiet room, no communication of any kind among examinees).
  • The proctor is encouraged to allow students to log in and begin testing as they arrive. It is not necessary (and not preferred) that all students begin or end at precisely the same time. Proctor may supervise a maximum of 12 examinees at any one point in time. If more than 12 are to be tested concurrently, an assistant proctor must be present.
Calculators
The Proctor is responsible to make sure that the examinee follows this rule: Programmable calculators are NOT allowed

Stationary
The Proctor is responsible to make sure that the examinee follows this rule: Note pads, books (of any kind), scrap papers, laptops & PDAs. are NOT allowed.

Cell phones
Cell phones are to be kept by the examinee and to be switched OFF. If in any case where the cell phone rings and the examinee answer the call, the Proctor will force the examinee to exit the room. The examination will be considered complete and be graded accordingly.

Assistance
The Proctor must NOT offer any help in ANY way from ANY source during the examination. In matters of emergency, the examinee will be forced to leave the room. The examination will be considered complete and be graded accordingly.

Additional Items
The Proctor is responsible to make sure that the examinee follows this rule: The examinee is NOT allowed to bring/consume ANY food & beverages, caps/hats of any kind, long sleeved sweaters/jackets, gloves, bags, earphones and such for the duration of the exam.

Duration
  • A clock will be present on the examinee’s screen to allow the examinee to monitor the time left to complete the exam. When the time ends, the examinee will be prompted to submit the examination and sign out.
  • The Proctor is REQUIRED to enforce this rule strictly.
Please discuss with all proctors and ensure that they accept this terms & conditions, before agreeing to this terms & conditions.
3 Testing candidate’s Terms & Conditions
At EC-Council, protection of your personal information, and making sure you understand how and why it is processed, is of paramount importance to us. As a data processor for your test sponsor, EC-Council processes your personal information only for the purposes of registering and scheduling you for a test, administering that test, and processing the results.

At no time will your personal information be used by EC-Council for any other purpose without your permission.

Your personal information, including your test results, will be provided to your test sponsor or employer for the purposes of providing scores, certification, or other benefits to you.

EC-Council may also disclose your personal data to other EC-Council entities for the purpose of providing you with testing information, administering the test, or processing your results.

These EC-Council entities may be located outside the country in which you take the test, and your personal information may be processed or stored there to provide results and information to your test sponsor.

Adequate protection of your personal information is ensured at all EC-Council entities. You may access, limit the use of, or change your personal information by contacting your test sponsor during normal business hours.

If you test with multiple test sponsors, EC-Council may update your personal information for all test sponsors upon receipt of a change to your personal information.

The above processing is necessary to administer a test to you, and we cannot register you for a test, if you do not agree to personal information processing by EC-Council as described above.
EC-Council (International Council of Electronic Commerce Consultants) is the world leader in IT Security Courses - Information Security, Network Security, Computer Security and Internet Security Certification and Training. EC-Council’s flagship course Certified Ethical Hacker, CEH set the standard for what the world has come to expect from ethical hacking IT Security courses.