3. TOM QUESTIONS
3.1 Company Details
Company Name
This should be the name your company is officially registered as. Not a trading name or sub-brand.
Company Registration Number
This is the registration number your organisation has with the relevant authority within your region.
Select the catagory you wish to be considered under
Connection Protection (Not available as yet) Erasure and Disposal Protection Information Preservation & Investigation (Not available as yet) Investigative purposes (Not available as yet) Integrity Protection (Not available as yet) Media & Device Authentication (Not available as yet) Media & Information Protection (Not available as yet) Mobile & Remote Working (Not available as yet) Network Link Protection (Not available as yet) Verification Facilities (Not available as yet) N/A
Select the scheme or approval you wish to be considered under
UK GDPR Certification Scheme ADISA Standard 8.0 ADISA Product Certification - Product Claims Test ADISA Product Certification - Product Assurance ADISA Product Certification - Certified Sanitisation Software Vendor N/A
CUPAS is an assurance based scheme and each applicant should understand the supporting scheme or certifications which they currently hold to gain access to the CUPAS catalogue.
If no scheme or approval is held - please provide details of your product here.
Please provide a detailed description of the services or business activities which you wish you be assessed under this application.
SECTION 2: CONTACT INFORMATION
Please provide main contact details
Please provide Finance contact details
Directors
If you have additional directors, please advise by email, to info@tsfdn.org
3.2 GOVERNANCE
TRUSTWORTHY SOFTWARE MANAGEMENT SYSTEM (TSMS)
Question 3.2.1: Do you have a management system covering trustworthiness of your software?
Supplementary guidance: There is a list of topics to be covered in section 3.1 of [AD.3]. If you have a management system that only covers some of them, answer “In Part”.
Yes No In Part
Expected self-testing: Check your management documentation and processes against section 3.1 of [AD.3].
Question 3.2.2: Is your TSMS part of a wider management or certification system?
Yes No
Question 3.2.3: If yes, what is the name of that wider management or certification system?
Supplementary guidance: If it is not part of a wider system, leave this answer blank.
Answer: Insert here the name of the management or certification system fulfilling your TSMS requirements.
3.3 ROLES AND RESPONSIBILITIES
TRUSTWORTHY SOFTWARE RELEASE AUTHORITY (TSRA)
Question 3.3.1: Do you have a person or group with day-to-day responsibility for the management of your Trustworthy Software development, release, and maintenance?
Supplementary guidance: Elsewhere in this questionnaire this person or group is referred to as the Trustworthy Software Release Authority (TSRA), but you may have given it a more understandable name, or it may be part of a wider job function.
To answer “Yes”, your TSRA must be empowered by your Board or equivalent with sufficient authority to fulfil its functions.
Yes No
Expected self-testing: Identify the relevant person or group.
Question 3.3.2: What is the name of your TSRA or equivalent?
Supplementary guidance: If you have none, leave this answer blank.
Answer: Insert the name of the person or group fulfilling your TSRA role.
Question 3.3.3: Does your TSRA cover all relevant trustworthy software activities?
Supplementary guidance: The relevant activities are listed in section 3.2 of [AD.3]. If any are not performed by your TSRA, or you don’t have a TSRA, answer “No”.
Yes No
Expected self-testing: Compare the activities of your TSRA against the activities listed in [AD.3].
Please provide your Purchase Order number for the full application fee.*
Acceptance
By submitting this form I am consenting to the sharing of information between Trustworthy Software Foundation, CUPAS, ADISA and the UK Ministry of Defence.
I can confirm that information submitted is accurate to the best of my knowledge.
Please upload your signed Attestation:
Please upload a copy of the relevant certificate for the scheme you are registering:
This form uses Akismet to reduce spam. Learn how your data is processed.