Certification and Accreditation

Certification is a comprehensive evaluation of a process, system, product, event, or skill, typically measured against some existing norm or standard.

Most European nations have similar organizations established to provide accreditation services within their borders.

[1] Certification is the process of evaluating, testing, and examining security controls that have been pre-determined based on the data type in an information system.

The certification process ensures that security weaknesses are identified and plans for mitigation strategies are in place.

In IT governance, the primary reason the certification and accreditation (C&A) process is performed on critical systems is to ensure that security compliance has been technically evaluated.