The Need for Accreditation Speed

Sammanfattning: Security requirements on information systems needs a way to be verified for fulfilment. Accreditation is a tool to measure the level of compliance of the security requirements. Unfortunately, the accreditation process also comes with challenges. To be able to complete the whole accreditation process the practitioners need to have a rigorous time plan and a generous budget, something that are not always available. The aim of this research is to identify challenges with time and costs in the accreditation process. Thereafter, building upon the identified challenges, aspects that could address time and costs are then proposed as a new model for accreditation. The theory presents the importance of accreditations and known challenges of today. The theory also justifies the need of reducing these challenges. This research collaborated with a company that has experience in accreditation. The company was used to gather empirical data to widen the view of accreditation in a qualitative way. The chosen method for this research was Design Science Research. The method was performed in two iterations and the demonstration- and evaluation-step was performed with an expert-panel consisted of employees from the collaborated company. The conclusion of the research is that the identified challenges can be assessed in a qualitative way to be handled with the new accreditation model developed in this research. The new accreditation model is based on a meticulous analysis on the identified challenges and the different steps in the risk management framework from National Institute of Standards and Technology.