Marketplace Certification Program

Overview

Marketplace acceptance is performed in 3 sequential stages:

   1. Workflow and Artifacts

   2. Security Process

   3. Go Live

✅  For you as a provider (who submits an App) - it is a way to show that your automation content is valuable.

✅  For you as a customer (who wants to buy an App) - it is a way to know that the content has undergone a verification process by the Kyriba Marketplace team.

Stage 1. Workflow and Artifacts

Submit a Use Case to the Kyriba Marketplace team, which must include the following information:

Business Use Case

  • Type of customers this solution is for (size, geography, and segment)

  • Specific value added to the customer

  • Any mutual customers, including any that requested this connectivity

  • Any prospects or potential opportunities for growth

Technical Information

  • Proposed solution architecture and data flow

  • Solution scope in the target system and Kyriba modules needed (if known)

  • High-level test scenarios

Stage 2. Security Process

To increase the level of trustworthiness for Marketplace listings, all the Apps published on the Marketplace need to undergo a security review.

Because the Kyriba Marketplace team is not able to run the security scans and checks in some situations, an App listing can go through the following security review procedure.

Questionnaire

Before starting the development, please download and complete this mandatory InfoSec Questionnaire.xlsx.

Security Review

Once the solution is built, the App may need to have evidence of the following security steps:

  • Malware scan results

  • Static code analyzer results

  • Vulnerabilities in 3rd-party dependencies (if applicable)

  • Penetration test (if applicable)

  • Other applicable security assessments

Controls Review

The provider may need to provide proof that their solution respects industry-specific security standards.

Some of the standards we might look for during this review are:

  • ISO/IEC 27001 and ISO/IEC 27002

  • The Payment Card Industry Data Security Standard (PCI DSS)

  • SOC (System and Organization Controls) 1 / SOC 2

  • Veracode Verified Continuous

Stage 3. Go Live

Certification Demo

To verify that the solution provides the stated functionality, the provider will showcase the functionalities of the App in a demo meeting.

Once the development is complete, the provider must request a certification demo meeting to demonstrate the following:

  • The end-to-end execution of the solution

  • The necessary configurations

  • The inputs

  • The outputs

After the demo, the team may review internal logs and ask for follow-up evidence such as logs, inputs, or outputs. The meeting will be recorded and kept as an internal reference and for potential use in training or education.

Pilot

Once the App is certified, it will be considered a pilot. It will be available to customers with a caveat that it is a pilot implementation, and may involve the product team. This ensures quality and documents any implementation details necessary for the general adoption. Once the first client implements the solution, it will be considered out of the pilot.

Timeline

The timeline for completion will depend on the App development by the provider. If the certification demo step is successful, it should take between 2 and 4 weeks from the request date.