It’s been over a year since I last collected my thoughts about IT certification. That process led to my first “The Certification Challenge” blog entry. This entry sketches my current thinking on the subject.

Certification & Licensing

To begin, it’s important to make a distinction between voluntary certification issued by a professional body and required licensing that the state demands. The process of being certified or being licensed may be very similar, but the social and economic impact of certification and licensing will be quite different. Only those with the right license are allowed, by the state, to undertake certain kinds of work. Having a license has real, immediate, and recognizable value.

Not true for most certification schemes supported by a professional body. There is no legal requirement that an individual have a certificate in order to undertake any work. And, with the exception of narrow, specialized areas, there is no social expectation that individuals should acquire such certification. Furthermore, the public recognition of the “professional” status of a body offering certification could have significant negative consequences for certificants.

Under common law, there is a clearly recognized duty of professional care. Courts in Canada, the US, and the UK have held professionals to a duty of care that is more demanding that the general duty of care expected of members of the public. It could be argued that holding certification from a recognized “professional” body imposes a more rigorous duty of professional care upon these with such a certificate. This is only a lay interpretation, and the cases do not appear to be all that clear, ... still it would appear to be a significant consequence that could flow from a body being recognized as a “professional body” by the state.

“Proof” Behind Certification

The value of a certificate must, primarily, lie in the “proof” that was and is required to obtain and maintain certification. The strongest assertion would be that certificants will be competent because of what they must prove to obtain and maintain their certification. The certification process will demand proof of competency. The difficulty, however, is that competency will, in the vast majority of cases, be quite context dependent.

The context is important in at least two ways for those in IT. There are different technology contexts, and competency in something like a Windows Server environment does not automatically translate into competency in a Linux Server environment. Competency, especially for more senior positions, is also critically dependent on organizational context. Senior competency does not automatically translate from public to private sectors. Nor does competency in a large organization automatically translate into competency in a smaller organization.

I would be prepared to accept that competency at lower levels might be reasonably assessed in something like a classroom environment. Relevant examinations will require more than success with multiple choice questions, ... essay or case study questions will be necessary. And the resulting “proof” of competency is only competency at a base, typically rather junior, level. A credential that requires such “proof” of competency would be primarily useful for those entering the field. Such “proof” of competency would be of only the most limited value for those seeking more senior positions, either in a technical or management stream.

Breadth vs. Depth

The key “proof” behind certification for more senior positions must really be focused on demonstrated knowledge and understanding of best professional practices. In my mind, it comes down to the question of whether the certificant is trustworthy to undertake relevant work for a client or employer. That, in turn, can be broken down to questions about the trustworthy intentions of the individual and their trustworthy competency. Intentions are addressed by a Code of Professional Ethics and the enforcement procedures surrounding it.

The question of trustworthy competency can practically be reduced to questions of whether the individual will consider established best practices before undertaking an assignment. Has the individual demonstrated a reasonable understanding of the legal and regulatory framework within which the work will be conducted? Has the individual demonstrated a reasonable understanding of the broad, relevant systems life cycle and the best practices that could be applied at key points in that life cycle? Finally, has the individual demonstrated a detailed understanding of at least one relevant best practice and how it might be applied in a typical case?

The certified individual will not necessarily be competent in every possible assignment, but he or she can be counted upon to carefully consider best practices before undertaking any assignment. That best practice standard is really what the duty of professional care is all about. It’s also one of the key ingredients in “proving” the trustworthiness of the professional. Turning to the professional, the public should have trust that the care provided will meet a reasonable best practice standard.

Key Certification Components

1.     The certificant must demonstrate understanding of an enforced Code of Professional Conduct. (trustworthy intentions)
2.     The certificant must demonstrate a broad understanding of at least one relevant systems life cycle. (trustworthy competence - broad, part A)
3.     The certificant must demonstrate a detailed understanding of at least one established best practice and how it would be applied in a typical case. (trustworty competence, depth)
4.     The certificant must demonstrate an understanding of the relevant legal and regulatory environment. (trustworthy competence - broad, part B)   
5.     Finally, the certificant must regularly be required to provide evidence of continued professional standing. (currency)

In my view, a certification scheme that includes all five of these elements has some chance of success in North America. The only debatable element in this list of required elements is the fourth point. The public doesn’t always expect the professional to understand the legal and regulatory environment, but it would undeniably be valuable were the professional to have such understanding.

Having all five elements in a certification scheme does not, and cannot, guarantee success. There is clearly a market for IT certification schemes that include demonstrated understanding of specific technologies or specific best practices. Such schemes provide a very limited and restricted assurance of trustworthy competence - the certificant has proven that he or she understands the specific technology or best practice. There is no demonstrated understanding of anything beyond that specific technology or specific best practice.

Would the market embrace a broad IT professional certification scheme of the kind that I have sketched? It’s not clear. But it is clear that anything that falls significantly below this scheme will face a serious uphill battle. The “proof” behind IT professional certification needs to be real and defensible. I’ve sketched one approach that could be real and defensible. There may be others, but they need to meet the same test.