Guide to the NSI Certification and Verification Program
Issue 1.2 - March 2017
Table of Contents
1. Introduction
1.1 Referenced Specifications
2. How to Achieve NSI Certification or Verification
2.1 Understanding the Certification and Verification Program
2.1.1 The NSI Certification/Verification Policy and Policy Supplements
2.1.2 The NSI Conformance Requirements Documents
2.2 Confidentiality
2.3 Preparing for Certification or Verification
2.4 Certification/Verification
2.5 The NASPL Certification/Verification Trademark License Agreement (TMLA)
2.6 The NSI Certification/Verification Agreement
3. Organization-level Certification/Verification Steps
3.1 Registering your Organization3.1.1 Organizational Contacts3.2 Completing the Trademark License Agreement
3.3 Maintaining Up-to-Date Contact Information
4. Certification/Verification Against a Best Practice or Technical Standard
4.1 Registration, Submission of Certification/Verification Information, and Validation Process
4.1.1 Payment4.2 Completion of Certification/Verification
6. Certified/Verified Entity Modifications and Updates
7.1 The Appeals Process
8. Certification/Verification Steps
1. Introduction
This document is a guide for organizations who want to certify or verify business practices and/or technologies in the North American Association of State and Provincial Lotteries (NASPL) Standards Initiative Certification and Verification Program. It will guide you through all the steps required for certification or verification.
NASPL Standards Initiative (NSI) certification/verification is awarded to those business practices and technologies that have been certified or verified by the NSI Certification and Verification Authority as having demonstrated their conformance to the applicable conformance requirements. The detailed requirements for conformance are identified in the various NSI Conformance Requirements documents. Only organizations with a certified or verified business practice or technology (a "Certified/Verified Entity") may use the NASPL certification/verification trademark in connection with their business practice or technology.
The NSI Certification/Verification Policy and the Policy Supplements (collectively, the "Certification/Verification Policy") govern the NSI Certification and Verification Program. The Trademark License Agreements govern the use of the applicable NASPL Certification/Verification Logo. The NSI Certification/Verification Agreement covers the terms and conditions of the certification/verification service, along with the obligations of the organization certifying or verifying a business practice or technology. Your organization must agree to the terms and conditions outlined in the Certification/Verification Policy and both legal agreements prior to certification/verification. For your convenience, significant highlights of the NSI certification/verificationprocess are outlined below, and later sections provide more comprehensive information.
- The Open Group (the "Certification and Verification Authority") administers the NSI Certification and Verification Program on behalf of NASPL as its designated Certification and Verification Authority.
- Your organization will be granted a license to use the NASPL Certification/Verification Logo in connection with your business practice or technology when your business practice or technology meets all the requirements for certification or verification as defined in the Certification/Verification Policy and your organization has formally agreed to all the required terms.
- The applicable NASPL Trademark License Agreement must be fully signed (signatures are required from both you and NASPL) in order to have a business practice or technology certified or verified.
- A Certified/Verified Entity is subject to re-certification or re-verification on a periodic basis as stated in the Certification/Verification Policy.
- All business practice and technology specific information supplied to the Certification and Verification Authority will be treated as confidential, as required by the NSI Certification/Verification Agreement.
- The NSI Certification and Verification Authority may, from time to time, request proof that your business practice or technology remains in compliance with the requirements outlined in the NSI Conformance Requirements, as required by the Certification/Verification Policy.
At the end of this document is a list of certification/verification steps to help you make sure that your business practice or technology registration is complete.
Note: In the event of any conflicts, this guide defers to the NSI Certification/Verification Policy and Policy Supplements, the applicable NASPL Trademark License Agreement, and the NSI Certification/Verification Agreement.
1.1 Referenced Specifications
The specifications currently referenced for the NSI Certification and Verification Program are:
- Best Practice for Quality Assurance of Product Development in the Lottery Industry: Acceptance Testing, Document Number BP0403, April 2004, and any Corrigenda issued against such Best Practice
- Best Practice for Quality Assurance of Product Development in the Lottery Industry: Development Process, Document Number BP0402, April 2004, and any Corrigenda issued against such Best Practice
- Best Practice for Quality Assurance of Product Development in the Lottery Industry: Requirements Definition, Document Number BP0401, April 2004, and any Corrigenda issued against such Best Practice
- Best Practice: Standard Request for Proposal Template, Document Number BP0501b, April 2007, and any Corrigenda issued against such Best Practice
These are referenced by the NSI Conformance Requirements documents and are located at http://www.opengroup.org/naspl/published.
You should be familiar with the appropriate Best Practice and Technical Standard specifications prior to commencing certification or verification.
Click Here for Getting Started for Certification
Click Here for Getting Started for Verification
2. How to Achieve NSI Certification or Verification
This guide details the steps you are required to take to achieve certification or verification, and provides information on how to perform each of these steps.
The process involves:
- Understanding the Certification and Verification Program and process, including the confidentiality policies
- Reviewing the applicable conformance requirements and ensuring that your business practice or technology is ready for certification/verification
- Registering your business practice or technology for certification or verification
- Undergoing formal validation of your business practice or technology against the conformance requirements
2.1 Understanding the Certification and Verification Program
To become familiar with the program, you should read the following program documents:
- The NSI Certification/Verification Policy
- The applicable Policy Supplement(s)
- The NSI Conformance Requirements documents
2.1.1 The NSI Certification/Verification Policy and Policy Supplements
It is best to start with the NSI Certification/Verification Policy and the applicable Policy Supplements. These policy documents are the foundation of the program. They provide information on what can be certified or verified in the program, what it means to be certified/verified, what is required to get certified/verified, and how to make sure that a business practice or technology remains certified/verified.
2.1.2 The NSI Conformance Requirements Documents
The applicable NSI Conformance Requirements documents should then be read to understand the detailed conformance requirements against which a business practice or technology may be certified/verified. The NSI Conformance Requirements documents provide a mapping between a business practice or technology and the NSI Best Practices and Technical Standards. There is an NSI Conformance Requirements document for each entity that can be certified or verified in the program.
The current Conformance Requirements documents against which vendors, manufacturers, or retailers may certify entities are:
The current Conformance Requirements documents against which lotteries may verify entities are:
You should review Section 3, "Conformance", of the Certification/Verification Policy along with the NSI Conformance Requirements documents to identify those areas against which you would like to have your business practice or technology certified or verified.
2.2 Confidentiality
Your organization and business practice or technology information is absolutely confidential between you and the NSI Certification and Verification Authority. This is effective once you accept the NSI Certification/Verification Agreement, which is a prerequisite to registering for certification or verification. The Certification and Verification Authority does not make any certification or verification information available to any third party without the written permission of the organization.
Upon successful completion of the certification or verification process, the Certified/Verified Entity will be included in the publicly available Register. Your organization may request that this information be kept confidential for up to 6 months from the date of written notification by the Certification and Verification Authority that your business practice or technology has achieved certification or verification. This request for confidentiality must be made at the time of registration.
See Section 12 of the NSI Certification/Verification Policy for further information on the confidentiality policy related to certification/verification.
2.3 Preparing for Certification or Verification
You should read the Conformance Requirements documents applicable to the business practice or technology you are considering certifying or verifying to ensure you understand the requirements for certification/verification. Your organization should use whatever methods you deem appropriate to make sure that your business practice or technology meets the applicable conformance requirements and is ready for entry into the Certification and Verification Program.
Specific preparation steps for certification/verification against a particular Best Practice or Technical Standard can be found in the appropriate Guide Supplement.
2.4 Certification/Verification
Certification/verification is a formal process. Your organization must warrant and represent that your business practice or technology meets all the conformance requirements applicable to the NSI Conformance Requirements document against which it is to be certified or verified.
The obligations, terms, and conditions of certification/verification are fully set out in the following documents:
- The NSI Certification/Verification Policy and Policy Supplements
- The applicable NASPL Trademark License Agreement
- The NSI Certification/Verification Agreement
It is necessary to read these documents before you start the process in order to fully understand the policies and requirements.
To achieve certification or verification, your organization must complete both the organization-level steps described below as well as the steps specific to certification/verification against a particular Best Practice or Technical Standard, as described in the appropriate Guide Supplement.
2.5 The NASPL Certification/Verification Trademark License Agreement (TMLA)
The NASPL Certification/Verification Trademark License Agreement is between you and NASPL and requires signature by each party. The TMLA defines the terms under which you will license the NASPL Certification/Verification Logo for use in connection with your Certified/Verified Entities.
It is recommended that you commence the process to complete the applicable NASPL Trademark License Agreement as soon as possible to save delays later on. A Trademark License Agreement must be signed by both you and NASPL before a business practice or technology can be certified or verified and entered onto the Register.
The Trademark License Agreement only needs to be entered into once per organization. Once it is in place multiple business practices and/or technologies can be certified or verified, without the need to execute another agreement with NASPL.
2.6 The NSI Certification/Verification Agreement
You are required to agree to the NSI Certification/Verification Agreement for each business practice or technology registration.
The NSI Certification/Verification Agreement is between you and the Certification and Verification Authority. It defines the service provided by the Certification and Verification Authority and the legal commitment by your organization to the conditions of the Certification and Verification Program. This is also where your organization warrants conformance of your business practice or technology to the relevant Conformance Requirements document.
3. Organization-level Certification/Verification Steps
The first two steps below need to be performed once per organization. They are the first steps to be performed when an organization wishes to certify or verify its first business practice or technology. Thereafter, an organization must ensure that contact information is maintained such that it is up-to-date.
3.1 Registering your Organization
The NSI Certification and Verification Authority provides a web-based certification/verification program through which business practices and technologies can be submitted for certification or verification. The entry point is at the Home page.
In order to start the registration process, first you must fill out the NSI Registration Form, where your Organizational Contacts are defined. (i.e., you are either a Key or Technical contact for your organization - see Section 3.1.1, Organizational Contacts, for further information). If you are not the Key or Technical contact, then you should inquire within your organization to determine who the Key Contacts are and ask them to add you as a Technical Contact. If you are unable to determine who your organization's Key Contacts are, you may contact the Certification and Verification Authority requesting such information. If you do have permission, then skip to the appropriate section below in order to register your business practice or technology against a specific set of Conformance Requirements.
To register your organization, you need to provide information about your organization and specify the name and contact information for the following contacts:
- The Authorized Signatory who will authorize your organization's registration. The Authorized Signatory must be someone who is authorized to enter into legal commitments on behalf of the organization.
- The Primary Certification/Verification Contact, who will be the organization's primary contact for all certification/verification-related issues.
- An optional Alternate Certification/Verification Contact , who will be the back-up for the Primary Certification/Verification Contact.
- The organization Finance Contact, who will be the contact for any organization-level payment and/or invoicing issues, and for payment/invoicing issues for individual registrations in cases where no business practice or technology specific Finance Contact is specified.
- An optional organization Marketing Contact, who will be the contact for any organization-level marketing-related certification/verification issues and for marketing-related issues for individual registrations in cases where no business practice or technology specific Marketing Contact is specified.
- Optional Technical Contacts, who will have the ability to register business practices and technologies for certification or verification, in addition to the Primary Certification/Verification Contact, Alternate Certification/Verification Contact, and Authorized Signatory.
3.1.1 Organizational Contacts
When specifying contacts for your organization, it is important to understand that the different contacts have different roles, capabilities, and responsibilities. A given individual may be specified for more than one of the contact fields. Only individuals who are designated as one of the contacts for your organization will have access to your organization's information, and only to the extent provided by the role to which they are assigned.
Key Contacts
The specified Authorized Signatory, Primary Certification/Verification Contact, and Alternate Certification/Verification Contact are considered "Key Contacts" within the system. Key Contacts have the ability to access and/or modify any of the information on the organization and its business practices or technologies that are registered for certification or verification. Key contacts are able to register business practices or technologies for certification or verification or name the individuals who may perform such registrations, via specifying these individuals as Technical Contacts. Key Contacts have the ability to add, modify, or delete information on the Technical Contacts list, or change the named Technical Contacts on individual registrations.
Technical Contacts
Technical Contacts may be specified during the initial registration of your organization or, after your organization account has been activated, the Key Contacts may specify or update the Technical Contacts list at any time.
Technical Contacts, along with Key Contacts, are authorized to submit business practices and technologies registrations to the Certification and Verification Authority (CVA). However, unlike Key Contacts, Technical Contacts will only have the ability to manage (i.e., register and modify information on) those business practices or technologies for which they are a named Primary Technical Contact or Alternate Technical Contact. Technical Contacts will be able to view organization-level information and information on other business practice or technology registrations submitted by others, though they won't be able to modify such information.
Via the use of Technical Contacts, an organization may specify individuals who are responsible for a particular certification(s) or verification(s) for the organization.
Finance and Marketing Contacts
Finance and Marketing Contacts, at both the organizational level and the business practice registration or technology registration level, are not provided with access to the registration submission. These contacts are provided for informational purposes for the Certification and Verification Authority to use to address any financial (payment, invoicing, etc.) issues and marketing issues or announcements.
3.2 Completing the Trademark License Agreement
A requirement of certification/verification is that you must execute a Trademark License Agreement ("TMLA") with NASPL.
Although a completed Trademark License Agreement is not required before you commence with organization and business practice or technology registration, we recommend that you submit your signed Trademark License Agreement to NASPL as early as possible in the process. You can download the applicable TMLA from the link provided on the nav bar of the certification/verification website and follow the instructions on the signature page of the TMLA for submitting it to NASPL. NASPL will submit the executed TMLA to the CVA.
3.3 Maintaining Up-to-Date Contact Information
Each organization is responsible for ensuring that the contact information associated with their account is current. This includes both the organization-level contact information and the contact information specific to each business practice or technology registration. Current contact information means that the correct people are identified as contacts for the various roles on the registration form, and that their contact details are correct.
To change a contact's name or email address, information for Finance or Marketing Contacts, or to specify a different individual as the contact, please send a request to the Certification and Verification Authority via email at .
4. Certification or Verification Against a Best Practice or Technical Standard
Prior to registering your business practice, please ensure that:
- Your organization registration has been submitted, as per Section 3.1, Registering your Organization.
- You are either a Key Contact or Technical Contact for your organization, and thus have permission to register your business practice or technology.
4.1 Registration, Submission of Certification/Verification Information, and Validation Process
The next steps in the certification/verification process are to:
- Provide payment for all fees associated with the registration (see Section 4.1.1, Payment, below)
- Submit any supporting documentation required for certification/verification, including the Conformance Statement
- Perform the validation process (done by the CVA)
Specific instructions for performing these steps can be found in the appropriate Guide Supplement.
4.1.1 Payment
Payment is required to complete registration of your business practice or technology. Payment may be made by credit card, electronic payment or check.
Verification Registration
Payment is to be made to NASPL directly.
Certification Registration
For Certification, payment is to be made to the CVA. For further information on these payment options, see http://www.opengroup.org/payment/.
If you wish to pay by credit card, please complete the requested information regarding the credit card account you would like to use. A receipt for the payment will be sent to the cardholder.
If payment is to be made via electronic payment or check, you should commence this process as soon as the registration is submitted. Please contact the Certification and Verification Authority via to arrange payment. When the Certification and Verification Authority receives your payment, they will send a receipt to your Finance Contact, indicating that payment has been received. This receipt contains all the same information as is typically provided in an invoice.
If you require an invoice to be sent prior to your organization making payment, please notify the CVA via email and specify the contact to which the invoice should be sent. By default, invoices are sent to the Finance Contact, but you may select a different contact if desired, and you will be required to confirm the billing address for the specified contact. The Primary Technical Contact will also receive a copy of the invoice.
If payment is made by a method other than credit card, the system will automatically place a payment "hold" on the registration. This hold will not be released until either payment is received or the Certification and Verification Authority's Finance department explicitly authorizes release of the hold prior to receipt of payment.
While your registration is on hold, you will still be able to upload the Conformance Statement and other Indicators of Conformance. However, the Certification and Verification Authority will not review these documents or perform any other processing of the registration until the hold has been released.
See the Certification Fee Schedule or the Verification Fee Schedule for the applicable fee schedules. For payment procedures that are specific to a particular certification or verification, see the appropriate Guide Supplement.
4.2 Completion of Certification/Verification
Once your submission is complete and a NASPL Trademark License Agreement is in place, you will be notified of successful certification or verification within 10 business days. If for any reason the submission was not complete, you will be notified so that any corrections can be made and resubmitted. Such a resubmission needs to be done within 60 calendar days unless an extension has been granted by the Certification and Verification Authority. The initial certification/verification fee covers one set of corrective actions.
Once you have been notified of a successful certification or verification, your business practice or technology will be put on the public Register, unless you requested that it remain confidential. To keep the certification/verification confidential, this option must be selected on the Registration Form. In this case, your business practice or technology will not be added to the Register until the earlier of your notification to the Certification and Verification Authority that you would like to end the confidential period, or the expiration of the confidential period, which occurs six months from notification of a successful certification or verification.
When a certification or verification has been made public, the certificate is visible and available on the appropriate register.
You should note that certification/verification is valid for a defined period as stated in Section 9.1, "Duration of Certification/Verification", of the NSI Certification/Verification Policy document. At the end of that period, if you wish your Certified/Verified Entity to remain certified/verified you will need to renew your certification/verification as defined in Section 5, Renewals Process, below.
5. Renewals Process
When your business practice or technology is certified or verified, it remains so for a defined period, after which it must be renewed or else it will no longer continue to be certified/verified. The Certification and Verification Authority will notify you in advance by electronic mail when a renewal is due (so it is important to keep your organization's contact information up-to-date). At any time, you may view the renewal date on the appropriate Register.
Renewal implies that your Certified/Verified Entity continues to conform and, in the case of technologies, that you will continue to support your technology for the duration of the renewal period.
Renewal is performed by submitting the Renewal Registration Form to the Certification and Verification Authority.
Please see Section 9.2, "Renewal Process", of the NSI Certification/Verification Policy document for further information on the requirements and process for renewal. Specific steps for renewing a particular certification/verification can be found in the appropriate Guide Supplement.
6. Certified/Verified Entity Modifications and Updates
Any modifications to your Certified/Verified Entity must be made in accordance with the requirements defined in the Certification/Verification Policy. You should read the requirements in the policy documents thoroughly since they describe multiple scenarios related to business practice or technology changes. In some cases, the modification or update necessitates a new certification/verification, whereas, in other cases, you can update your existing certification/verification.
Updates to your Certified/Verified Entity's certification/verification are performed by the Certification and Verification Authority. If an update is needed to your certified/verified entity, submit the Organization Update Form to the Certification and Verification Authority at . at You may access the Update Form on the navigation bar on the Certification/Verification website.
Specific steps for maintaining certification or verification for a Certifieds/Verified Entity that has been modified can be found in the appropriate Guide Supplement.
7. Supporting Processes
7.1 The Appeals Process
You may appeal decisions made by NASPL, the NASPL Standards Initiative, or the Certification and Verification Authority as stated in Section 11, "Appeals Process", of the Certification/Verification Policy document. Any request for appeal should be sent by electronic mail to . The Certification and Verification Authority will acknowledge receipt of such a request within six business days and the appeals process will be invoked.
8. Certification/Verification Steps
The following list of certification/verification steps is provided to assist with completion of your business practice or technology registration:
| Understanding the certification/verification program and process | |
| Have you read the NSI Certification/Verification Policy and Policy Supplements? | YES / NO |
| Have you read the applicable NSI Conformance Requirements document(s)? | YES / NO |
| Legal Agreements | |
| Have you read the applicable NASPL Trademark License Agreement? | YES / NO |
| Have you read the NSI Certification/Verification Agreement? | YES / NO |
| Have you passed the above agreements to your legal representative? | YES / NO |
| Has the applicable NASPL Trademark License Agreement been completed and submitted to NASPL? | YES / NO |
| Has the applicable NSI Certification/Verification Agreement been completed and submitted to the CVA? | YES / NO |
| Registering your organization | |
| Has the NSI Registration Form been completed and submitted to the NSI CVA? | YES / NO |
| Has the Conformance Statement been completed and submitted to the NSI CVA? | |
| Has the Supporting Documentation been completed and submitted to the NSI CVA? | YES / NO |
| Have you completed and submitted the Conformance Statement? | YES / NO |
| Have you completed and submitted the appropriate Applicant Checklist? | YES / NO |
| Have you provided any remaining information? | YES / NO |
CAMPO