Problem Reporting and Interpretations System |
|
|
Problem Reporting System Overview
The Problem Reporting System provides functionality to submit, search, and manage problem reports related to the NSI Certification and Verification Program. It uses a web front-end, which provides access to the repository of Problem Reports relating to the program. The web pages presented to a user of the system are tailored to their privileges on the system, which are controlled using their web authorization by a username and password. When a Problem Report is submitted, a clear distinction is made between the public and confidential information provided by the submitter. When searching, viewing and reviewing problem reports, only the Certification and Verification Authority (CVA) reviewers will see the confidential information.
Access to the Problem Report System
The problem reporting system is accessed using a series of URLs that can be bookmarked in a browser. However, the most natural starting points are the actions of searching the repository for existing problem reports and submitting new problem reports.
Access to the system requires privileges on the hosting web server. Privilege levels are granted based on group or access list memberships on the server. For example, users in one of the reviewer lists may review problem reports using the web interface, but users who are not in a reviewer list may only search for public information on problem reports.
The roles in the problem reporting system are listed below. In the list, SA is the Specification Authority (the group of people who develop and provide interpretations of the specifications), and CVA is the Certification and Verification Authority (the group of people who manage the certification and verification program):
| Member | Any user who has access to the problem reporting system, but has no review privileges. A member may only search for and view published problem reports, and they will only see public information in those problem reports, i.e. the anonymous problem description and only the resolution information for the reviews that occurred during the problem report resolution process. |
| SA Reviewer | A user with privileges to make comments in a Specification Authority (SA) review. An SA Reviewer may search for and view unresolved and public problem reports. They will see public information along with resolution information for any Certification and Verification Authority Authority (CVA) reviews in a problem report. In addition, they will see full review discussions for any SA reviews, and will be able to participate in the review discussion by submitting their own comments. Controlled by group membership. |
| SA Responder | A user with privileges to make the final response that closes a Specification Authority (SA) review. A SA Responder has SA Reviewer privileges, and additionally may provide the final public response to a SA review. Controlled by group membership. |
| VMMA Reviewer | A user with privileges to make comments in a Validation Metohd Maintenance Authority (VMMA) review. An VMMA Reviewer may search for and view unresolved and public problem reports. They will see public information along with resolution information for any Certification and Verification Authority (CVA) reviews in a problem report. In addition, they will see full review discussions for any VMMA reviews, and will be able to participate in the review discussion by submitting their own comments. Controlled by group membership. |
| VMMA Responder | A user with privileges to make the final response that closes a Validation Method Maintenance Authority (VMMA) review. A VMMA Responder has VMMA Reviewer privileges, and additionally may provide the final public response to a VMMA review. Controlled by group membership. |
| CVA Reviewer | A user with privileges to make comments in a Certification and Verification Authority (CVA) review. A CVA Reviewer may search for and view unresolved and public problem reports. They will see both public and confidential information in a problem report, and resolution information for any Specification Authority (SA) reviews in a problem report. In addition, they will see full review discussions for any Certification and Verification Authority (CVA) reviews, and will be able to participate in the review discussion by submitting their own comments. Controlled by group membership. |
| CVA Responder | A user with privileges to make the final response that closes a Certification and Verification Authority (CVA) review. A CVA Responder has CVA Reviewer privileges, and additionally may provide the final public response to a CVA review. The CVA Responders are also responsible for notifying the submitter of the problem report of its progress through the process, and updating the system based on the submitter's response. Controlled by group membership. |
Life-Cycle of a Problem Report
The Problem Reports tracked in the system go though the life-cycle described below. This description covers those parts of the life-cycle that have software support, though this does not include all the possible states in the Problem Reporting and Interpretations process.
Member Action - Raise a Problem Report
All members can submit problem reports. Submitters provide their name, contact, company, and business practice or technology information, which are all kept confidential. Submitters also provide information on the problem, including a description and their own classification of the type of problem (see below), and references to any test suites or specifications involved. This information is public and will be visible to all users of the Problem Reporting system.
When a member first submits a problem report, it enters a review state based on the submitter's classification of the problem. If the classification is a System Deficiency (SD) a CVA review is started; otherwise, if the classification is an Interpretation (INT) request then a SA review is started. The appropriate reviewers will receive a notification email indicating that the Problem Report has been submitted and the review will start. Regardless of the classification of the problem report, the CVA and SA reviewers will always be notified when new reports are submitted.
Reviewer Action - Discuss a Problem Report in a Review
All users in the review group for a given type of review may join in the discussions on the Problem Report using the web interface and the URL provided to them in the review notification email. Comments will be accumulated in the review, but will only be visible to users of the particular review group, not to reviewers in other review groups (e.g. the CVA cannot see the SA review comments).
Responder Action - End a Problem Report Review
After reviewers have reached a conclusion about a Problem Report, one of the responders will provide the official response to the review and this closes the review. This response is the only information concerning a review that is publicly visible. The purpose of a SA review is to provide an opinion to the CVA so the CVA may provide a formal response to the submitter. So, if the review is a SA, a CVA Review is then automatically started (and SA Reviewers notified). If it is a SA Review, then the CVA is notified.
CVA Responder Action - Notify submitter of preliminary review outcome
After the preliminary CVA review of a Problem Report, the CVA notifies the submitter using the web interface. The review may not have been conclusive, and in which case a CVA Detailed Review will automatically be started. If the review was conclusive, the CVA will update the state of the Problem Report indicating the resolution, which will cause a notification email to be sent to the submitter.
CVA Action - Conduct a further Review
For Problem Reports that are still inconclusive after the preliminary review, the CVA will perform a further review, using the same process as is used for the preliminary reviews. A further review cannot return an inconclusive outcome. Either the final resolution is provided, or if the outcome is still not finalized, then an interim resolution must be provided. Any number of further reviews may be carried out.
Submitter Action - approve or appeal resolution
The submitter must respond by email to the CVA to indicate whether they agree to the resolution of their Problem Report, or not, in which case, the submitter may appeal.
CVA Responder Action - Publish Problem Report or mark as Appealed
The CVA will update the Problem Report to reflect the submitter's response. If the response is acceptance of the resolution, the CVA will publish the Problem Report; otherwise it will be marked as appealed.
CVA Responder Action - Notify submitter of appeal outcome
If a submitter has appealed the resolution of a Problem Report, the appeals process defined in the NSI Certification/Verification Policy will be used to resolve the issue. This process is not tracked in the Problem Reporting system. However, once the appeal outcome is known, the Certification and Verification Authority will notify the submitter and publish the Problem Report with the final outcome.
Please note, if the system is configured for Working Group Only Resolution, reviews or actions by Certification and Verification Authority will be eliminated. Once a final resolution is given by the Working Group, the system will automatically reflect the result without Certification and Verification Authority intervention.
