Upcoming International Standard for Advanced IT Professionals: ISO/IEC 24773 & IFIP IP3 Accreditation

Author: Tetsuro Kakeshita (Saga University) https://www.cs.is.saga-u.ac.jp/english/tetsuro-kakeshita.html

We organized the following event at the 86th National Convention of the Information Processing Society of Japan (March 15-17, 2024, at Kanagawa University). Representatives from IPSJ, ISO/IEC JTC1/SC7/WG20, and IFIP IP3 introduced their respective efforts and had discussions to deepen cooperation. This article presents an overview of the event.

ISO/IEC 24773 is an ISO standard that provides requirements and guidance for certification schemes for software and systems engineers. The IEEE Computer Society, INCOSE, the Information Processing Society of Japan, and other related parties are expected to complete the ISO standardization by 2024. The Information Processing Society of Japan (IPSJ) has supported the development of the above standard and has promoted ISO compliance of the Certified Information Technology Professionals (CITP) certification system. On the other side, IFIP IP3 has been studying an international accreditation system for the ISO/IEC 24773-compliant certification schemes. We introduced these efforts and extended the discussion on the significance of software engineers for the future society where Digital Transformation (DX) is progressing.

Title: International Standard ISO/IEC 24773 and its Significance

Speaker: Hironori Washizaki (ISO/IEC JTC1/SC7/WG20 Convener, IEEE Computer Society 2025 President)

The ISO/IEC 24773 series (Fig. 1) is an international standard that defines requirements and guidance for certification schemes for individual engineers that evaluate and certify the knowledge, skills, and competencies of engineers in systems engineering and software engineering. While various certification schemes operate in different countries and regions, as the systems and software development industry become increasingly internationalized, a common standard is expected to confirm a certain quality of certification schemes, promote mutual common understanding, and increase the international mobility of engineers. In this presentation, the purpose, prospects, and impact on certification schemes, their governing bodies, engineers, and the industry will be explained from the standpoint of the convener (lead coordinator) of the working group that is compiling the standardization of the series.

ISO/IEC 24773 is an international standard for certification systems for software and systems engineering. The standard provides guidelines on requirements, processes, and evaluation methods for certification systems and aims to ensure credibility, transparency, and international compatibility of certification.

The significance of ISO/IEC 24773 is listed below.

  1. International compatibility: A certification scheme conforming to ISO/IEC 24773 is internationally recognized and facilitates the movement and cooperation of engineers between different countries and regions.
  2. Increased credibility: Ensuring that the certification scheme operates according to certain standards increases the credibility and value of the certifications.
  3. Transparency: ISO/IEC 17024 (General requirements for bodies operating certification of persons), a prerequisite for ISO/IEC 24773, defines requirements for the certification process and evaluation criteria. This makes it easier for candidates and employers to understand the meaning and importance of certifications.
  4. Improved quality: Applying consistent standards to the operation of the certification scheme will improve the quality of education and training and increase skill levels throughout the industry.
  5. Promoting professionalism: The certification system provides a means for engineers to demonstrate that they possess professional knowledge and an ethical code of conduct, thereby contributing to the promotion of professionalism in the information technology domain.

Professional certification systems in various industries are mechanisms for assessing and certifying an individual’s expertise, skills, and competence. The importance of this system lies in the following aspects

  1. Recognition of Skill Levels of Engineers: It is noted that 34% of IT engineers in Japan are unsure of their IT skill levels, a much higher percentage than in Germany, the U.S., and other countries. This indicates that there is a lack of a system to objectively evaluate one’s skill level.
  2. Verification of Skills: A certification scheme demonstrates that an individual has a certain level of knowledge and skills in a particular field or technology. This allows employers and clients to have confidence that the candidate is capable of performing the required tasks.
  3. Career Promotion: Certifications contribute to an individual’s professional growth and career development. Certifications may be a requirement for promotion and salary increases.
  4. Establishment of industry standards: Certification schemes help establish industry standards in individual specialties, including the IT domain. This improves quality and professionalism throughout the industry.
  5. Increased credibility: A credential system is a basis of trust that proves an individual is an expert in his or her field. This helps to gain the trust of customers and business partners.
  6. Continuous learning and growth: Conformance to ISO/IEC 24773 requires periodical renewal and continuing professional development (CPD). This ensures that professionals stay up-to-date with the latest technology and industry trends.
  7. International Recognition: A certification system that conforms to ISO standards provides a means of demonstrating an individual’s skills in the global marketplace. This opens up international career opportunities.

Title: International Accreditation for Certification Schemes at IFIP IP3

Speaker: Tetsuro Kakeshita (IFIP IP3 Standards and Accreditation Council co-chair)

IFIP IP3 (International Professional Practice Partnership) has been working for 15 years to accredit and ensure the international credibility of the certification schemes operated by IFIP member societies. The revision of the ISO/IEC 24773 series is now in its final stages, and IFIP IP3 is considering a mechanism to certify the conformity of member societies with the new ISO/IEC 24773. As the digital society progresses and new technologies such as generative AI are being created one after another, digital engineers who are qualified to ISO standards and have internationally accepted skills are expected to become more and more important. Therefore, we are planning to change the conventional volunteer-based management of IP3 by including certification schemes run by non-IFIP member societies in the scope of accreditation (Fig. 2). In this presentation, the status of IP3 activities was described, and an attempt to automate the activities required for the assessment by actively utilizing online technology and LLM was also reported.

The following initiatives were introduced for the launch of the accreditation system at IFIP IP3:

  1. Establishing Standards: It is important to establish standards and guidelines following ISO/IEC 24773 to set up an organization to accredit certification schemes. This includes clear criteria for the certification scheme, requirements for its evaluation criteria, and accreditation processes.
  2. Establishing a Governance Structure: It is also important to establish a governance structure that is responsible for the operation of the accreditation body. This includes a decision-making body, a steering committee, and an audit function. To this end, it is proposed that the new IP3 accreditation system complies with ISO/IEC 17011.
  3. International Cooperation: International cooperation is essential for the accreditation of certification schemes from different countries and regions; it is proposed to strengthen cooperation with IFIP member organizations and other stakeholders such as certification bodies, industries, and governments.
  4. Develop education and training programs: It is important to develop education and training programs for accreditation body staff and assessors. This will ensure the quality and consistency of the accreditation process.
  5. Communication with Stakeholders: When launching an accreditation body for certification schemes, it is suggested to enhance communication with relevant stakeholders. This will help to gain their understanding and support for the purpose and role of the accreditation body.

The launch of the accreditation system by IFIP IP3 aims to provide a unified approach to the accreditation and assessment of professionals in the international IT domain. The proposed initiative will serve as a foundation for the successful operation of the accreditation body and for gaining international recognition and trust.

 

Innovations using online technology and generative AI (LLM, large language model) are expected to contribute to the efficiency and quality improvement of the operation and evaluation process of the accreditation systems (Fig. 3). Specific innovations are introduced below.

  1. Online Education and Training: An online platform can be leveraged to provide education and training for staff and assessors of accredited institutions. This allows for flexible and efficient learning opportunities that transcend geographic constraints.
  2. Online Evaluations and Assessments: Utilizing online technology, evaluations and assessments for credentialing can be conducted remotely. This can speed up and reduce the cost of the evaluation process.
  3. Automate the examination process with Generative AI: Generative AI can be used to automate the creation of evaluation criteria and eligibility documents, analysis of eligibility applicant portfolios, and generation of examination reports. This improves the efficiency and consistency of the assessment process.
  4. AI-assisted decision-making: Generative AI can be used to assist in decision-making for accreditation; it is expected that AI data analysis and pattern recognition can be leveraged to evaluate and make recommendations relative to credentialing criteria.

Through these innovations, the IP3 accreditation system is expected to use online technology and generative AI to improve operational efficiency, the quality of the evaluation process, and the skills and knowledge of certified engineers.

Society strongly desires value creation through Digital Transformation and the development of advanced IT professionals, and IP3 believes that the accreditation system can respond to these social demands through the above-mentioned initiatives. In promoting the establishment of an ISO/IEC 24773-compliant accreditation system, many issues still need to be resolved, but we intend to steadily promote our efforts.

Title: ISO Compliance and Use of the Certified IT Professional Certification

Speaker: Naoki Nishi (Committee Chair for CITP Certification, Information Processing Society of Japan)

The CITP certification has been in operation since 2014 for individual certification and 2015 for corporate accreditation. In FY2021, CITP will newly accredit the certification system for corporate groups, including data scientist certification, to meet the needs of new technologies required for information technology professionals. In this presentation, an overview of the CITP system, expectations for the international standardization of ISO/IEC 24773, and the status of the CITP system will be described.

The CITP system of IPSJ is designed to comply with ISO/IEC 24773 and ISO/IEC 17024. In addition, the system is designed to comply with the IT Skill Standard and ITSS+, which is a standard referenced skill standard in Japan. The system also stipulates requirements related to engineer ethics with an awareness of compliance with international standards and mandates periodic renewal of certifications and continuous professional development (CPD).

By providing such a certification scheme, the objectives are (1) to increase the visibility and social status of highly skilled information technology professionals (establishment of the profession) and (2) to form a professional community in the IT domain.

The CITP system obtained accreditation by IFIP IP3 in February 2018 and renewed accreditation by IP3 in April 2023. Through this, international equivalence is ensured for the certification schemes of the accredited societies. In the meantime, improvements have been made, such as the establishment of a new data scientist certification, acceptance of holders of the professional engineer (information engineering) certification, and the issuance of digital badges.

Compared to other certification systems accredited by IP3, the CITP system has several characteristics. One of them is the combination of the individual certification system, in which the IPSJ directly examines the certifications of IT engineers, and the accreditation of corporate certification systems, in which the IPSJ accredits the private certification system operated by a company and grants the CITP certification to engineers who have obtained the private certification. Another feature of the CITP system is that it incorporates a national qualification (Information Technology Engineer Examination), which is widely used among IT engineers in Japan. In this way, the CITP system actively promotes the effective use of existing initiatives.

The introduction of the corporate accreditation system will reduce the burden of examination and expand the scale of CITP certification compared to the method in which all engineers are directly examined by the IPSJ.

At present, there are approximately 2,000 CITP-certified IT professionals. In addition, six companies have been accredited under the corporate certification system. Expanding this number further is a challenge for the future. It is estimated that there are approximately 300,000 highly skilled IT professionals in Japan. Considering this situation, we can expect that it is possible to increase the number of CITP certification holders to several tens of thousands.

In designing the CITP certifications, we have tried to make them compliant with ISO/IEC 24773. However, we recognize that the scope of the new ISO/IEC 24773 is limited to Software Engineering and Systems Engineering and does not include all domains of the CITP certification.

Therefore, we hope that the new certification system that IP3 is planning to establish will be designed to include the certifications covered by the CITP system. In addition, we hope that the system will be designed to allow for higher levels of certification in specific roles and specialized fields.

Panel discussion “International Mutual Recognition Based on ISO/IEC 24773 and Its Significance

Panel Chair: Shigeaki Sakurai (Senior Fellow, Intelligent Systems Technology Center, Toshiba Corporation)

Based on the three speakers’ speeches, future directions of efforts were discussed in the panel. Various opinions were exchanged during the panel discussion.

  • Leading universities are offering recurrent education for IT professionals. In many cases, such recurrent education courses can be taken online and should be used effectively to help IT engineers acquire the latest technologies. As digital technologies such as generative AI continue to evolve rapidly, many initiatives are also beneficial as part of CPD.
  • The IEEE Computer Society provides the Software Engineer certification. Currently, the requirements of ISO/IEC 24773 are not met in some areas, such as the lack of periodic renewal of certifications, but they will work to meet these requirements in the future.
  • Efforts should also be made to expand the scope of the new ISO/IEC 24773, as SFIA and e-CF define many occupations and roles other than Software Engineers and Systems Engineers. In Japan, iCD (i Competency Dictionary) and DX Promotion Skill Standards define a variety of digital occupations. For example, it is unclear whether certifications such as data scientist and cyber security are included in the current scope. The inclusion of these occupations would expand the scope of ISO/IEC 24773 and further enhance its value.
  • Standardization, such as ISO standards, has been used for fundamental activities to ensure the safety and security of society and consumers, as well as to define basic specifications and inspection methods. Recently, however, standardization activities as part of management strategies that contribute to market creation and standardization activities to convert social demands, such as SDGs, into value are becoming increasingly important.
  • As a measure to enhance the value of the IP3 accreditation and CITP certification systems, it may be a good idea to use strategic standardization activities as described above.
  • In both the CITP certification system and the IP3 accreditation system, it is important to improve the efficiency of the examination operation. For this purpose, it may be a good idea to promote the use of generative AI and online examination.

We have received the following comments from the event participants, making it a meaningful event. We would like to continue our efforts in the future, including responding to these comments.

  • I think it is very good that an international standard has been established. I think that the challenge for the future will be how to spread these standards to as many people as possible. I would like to help in any way I can so that as many people as possible become aware of these standards.
  • I felt it was a big vision. I thought the key would be how to get more people to recognize and utilize it.
  • I had the impression that the number of certified professionals was sluggish. I thought it would be good if we could conduct activities that would push out more benefits to companies.
  • We were reminded that there are many issues from education to dissemination, and that we need to work with many stakeholders.

Code of Ethics: a solid foundation for information professionals

Information professionals have the international ‘Code of Ethics’ – adopted by the International Federation for Information Processing (IFIP) in 2020. Member organisations can subscribe to that code, many have done that. International cooperation at its best, with participatory development, consultation, and joint decision-making. The code is a basis and guideline for methods, best practices, standards, and frameworks. The question is how this code can be deployed optimally, thus creating trust in the sector.

Code of Ethics: outcome of collaboration

IFIP’s Code of Ethics was made on the basis of good practices from various countries. An important example was the code of the Association for Computer Machinery (ACM, https://www.acm.org). Professionals from the International Professional Practice Partnership (IP3, https://www.ipthree.org) within IFIP developed the code under the guidance of Prof Don Gotterbarn and Dr David Kreps, then chair of IFIP TC11. Through rounds of consultations, the code was created, with maximum attention to jointly working up a code from within the international professional body. This was then adopted at the IFIP General Assembly (see: https://www.ipthree.org/ifip-code-of-ethics/). IP3 will now use this code to make the current certification scheme of IT professionals suitable as an ISO standard with, among other things, e-CF and SFIA as content framework. SFIA is the benchmark framework for IP3 accreditation.

Working together and deploying ethics

World standards often emerge from a collaborative process. For instance, project and programme managers and PMO-ers know IPMA competences, IT architects know ArchiMate and Togaf. Standards that are created and updated with groups of professionals and academics.

ISO standards also come about through broad international alignment. An example is how fellow associations from South Africa (IITPSA), Canada (CIPS), Japan (IPSJ), Australia (ACS) and Sri Lanka (CSSL) and the Netherlands (KNVI) work together within IFIP on the new section within the ISO/IEC standard for ‘computing’: ISO/IEC 24773. This is under the leadership of initiator Dr Tetsuro Kakeshitamee. The new series already has new parts 1, 3 and 4, with part 2 coming in 2024. The overall process started in 2014 – including a lot of international coordination. Besides the ‘General Requirements’ (part 1) and ‘Guidance’ (part 2), parts 3 and 4 form the core of this standard: System Engineering and Software Engineering. A special feature of this new version is the focus on ethics and on knowledge, skills, competences, and professional practice.

Also topical is the joint effort for an Artificial Intelligence (AI) application guideline. In Europe, several organisations are working together in the Artificial Intelligence Skills Alliance (ARISA) project to gain knowledge of the application of AI in public and private applications. Through IPTE, European IT associations are also involved in this development. For the KNVI, securing ethical principles is an important issue in this too: Ethics as a Service should provide ethical help in the development, use and design of AI.

Finally, a Dutch example is the Dutch Practice Guideline NPR 3414:2023, Governance on the human aspects of IT. This standard is based on the academic work of a KNVI professional and was developed together with a group of practitioners. It allows directors of organisations to take better account of human aspects in the governance of their IT. Ethical conduct is also a key ingredient in this standard.

Standards: interpretation

When looking for standards for information management, information provision and information governance, you soon can’t see the wood for the trees. The KNVI Interest Group ‘Open Standards’ provides insight based on the nine-square model, drawn up by Prof dr Rik Maes (Maes, 2003). That model can be used for interpretation and coherence of various standards for business strategy, information strategy and information provision. The model is partly intended to promote cooperation and to discuss activities within organisations. The model provides tools to place standards and help the reader (or the searching professional) to ‘focus’. At https://openstandards.nl/, anyone can consult these standards.

Standards: a triptych

Delving into standards can be done from three angles: (a) the intention of the standard to formulate ethical principles, as described above, (b) the description of skills and (c) the elaboration of related competences.

Skills – the skills of professionals come at many levels. From being able to operate IT resources, making the right call or giving a presentation to the professional skills of the senior engineer who has knowledge and experience in writing the best (software) code, clear requirements, performing an integral chain test, implementing new (software) code on the mainframe, or managing and monitoring network traffic. Just to mention a few examples. These are skills that you can partly learn from books, but only really come to life in practice by applying them, reflecting on them, and improving them. You don’t learn to swim by reading swimming instructions. When skills are put to positive use in practice, this is then referred to as having competences. The International Standard Classification of Occupations (ISCO) of the International Labour Organisation (ILO), the European Skills, Competences, Qualifications and Occupations (ESCO) of the European Union or the Skills Framework for the Information Age (SFIA) (see: https://sfia-online.org/) attempt to give a total overview of this.

Competences – Well known is the European Competence Framework (e-CF), now a CEN/NEN standard (see https://www.cencenelec.eu/areas-of-work/cen-sectors/digital-society-cen/ict-skills/). e-CF has become a standardisation environment for IT professionals with documents around the Body of Knowledge (BOK), roles, accreditations, education, and peer review. Now that it is a formal standard, this also provides more guidance for implementation. In the Netherlands, for example, by using the competences in the central government’s ICT hiring mantle, the central procurement of training courses and the translation of competences in the function description framework for civil servants.

Professional organisations in Europe play a supporting role in elaborating competences and putting their importance on the agenda. Recently, a first attempt at a European Digital Skills Certificate (EDSC) was made by the EU together with the Council of European Professional Informatics Societies (CEPIS), among others. At the basis of this is yet another framework: DigComp 2.2.

Professional Practice – keeping your craft up to date

The basic premise of competency frameworks is that it provides guidance for professionals to keep up with their profession, and develop their careers. However, the profession of information professionals is rather difficult to define from a single framework – especially as the scope of the profession is different in different countries. In the Netherlands, the IT profession and the profession of the (formerly) more generically trained documentalist, librarian and archivist are starting to overlap more and more on specific competences. As a result, the entire profession – and thus the set of competences – is becoming broader.

Skills and competences

With all these frameworks, we seem to have a solid foundation for our profession. But…there are still two snags. Points of attention.

The first is the commitment to Skills. The new European Digital Skills Certificate seems a nice addition to all competency frameworks and provides for a corresponding assessment. However, the framework addresses digital skills of citizens and of professional users of Information Technology products. But that is a bit like testing someone’s agility – and thus only one side of the coin. Think about many schoolchildren today: Very agile in using all kinds of devices, comfortable online, and quick to switch gears.  But judging whether information is correct, whether sources are accurate, whether they work safely and do not share confidential data, they must learn. The same applies to professionals. These professionals are also responsible for creating, managing, and implementing good IT.  This requires special (and increasingly specific) knowledge and experience. Multidisciplinary work requires brainpower and reflective capacity: continuous training, learning, reading, and practising to keep your profession up to date. And that is precisely the component on which the EU has little or no focus!

The second is the ethical interpretation of the work. After all, thinking skills and reflective capacity are not just about one’s own learning – or learning about learning (the ‘double loop’ – Argyris & Schön, 1978). The triptych of ethics, skills, and competences assumes third-order learning (Boonstra, 2000). Here, a frame of mind is further developed – including the ethical considerations made from that frame of mind.

Even in an international context, it is not always easy to get and keep these two points of interest high on the agenda. Perhaps because it is quite complicated to capture skills and competences in frameworks. Skills are ‘easy’. Describing professionalism is more difficult. And keeping your profession up to date and constantly examining, questioning, and even questioning the framework of thinking is a challenge!

Fortunately, the basics are good: competency frameworks like e-CF, SFIA and various ISO standards and especially the IFIP Code of Ethics. We still have a long way to go before the ICT profession is well defined and especially the skills and competences are described in such a way that everyone recognises them and continues to improve. But: we are on our way!

 

Authors: Wouter Bronsgeest – chairman KNVI; Liesbeth Ruoff-Van Welzen – Fellow KNVI / chairman Interest Group Digital Skills

 

Sources

  • Argyris, C., & Schön, D. A. (1978). Organizational Learning: A Theory of Action Perspective. Addison-Wesley.
  • Boonstra, J. (2000). Lopen over water. Universiteit van Amsterdam.
  • Bronsgeest, W.L., De Waart, S., (2020). Smart Humanity, de mens met I-0 op voorsprong, Nubiz Uitgeverij, Hilversum
  • Maes, R. (2003). Informatiemanagement in kaart gebracht, Universiteit van Amsterdam, Amsterdam
  • https://www.ilo.org/public/english/bureau/stat/isco/docs/publication08.pdf
  • https://esco.ec.europa.eu/nl
  • https://www.cencenelec.eu/european-standardization/
  • https://www.cencenelec.eu/areas-of-work/cen-sectors/digital-society-cen/ict-skills/
  • https://standards.iteh.ai/catalog/tc/cen/566de01a-938d-4ed2-b502-c4bebf2a1cac/cen-tc-428