FP Complete provides an inspection service called “Audit” for blockchain-related engineering projects. This audit involves looking at samples of the engineering work, as provided to us by a client, and comparing them to sound engineering practices based on years of industry experience.
An audit certification means that time and effort has been spent examining such information, and that it appears to satisfy an acceptable percentage of our published engineering standards. No audit involves examining 100% of the work; audits are based on sampling. No audit implies an attempt to find hidden or suppressed information; audits are based on information voluntarily provided to us, staff permitted to communicate with us, and/or resources to which we have been granted access.
An audit certification does not imply that the project is free of defects, financially sound, a good investment, or suitable for any particular purpose. Also, it does not imply that any financial audit or
The projects we audit are typically still undergoing active change. No one should use any FP Complete audit result past the expiration date shown, and even then, bear in mind that an audit is inherently looking at the past, rather than the project’s latest status or
Every project we audit is part of a larger system. Important limitations, problems, omissions, or defects may characterize the larger system outside the audited
As industry practices and technology improve, audit criteria are expected to increase or change. Therefore a given level of audit certification at one time is therefore not equivalent to that same level of audit certification at another time. To understand the criteria that were used in a given audit, and for information on any special exceptions noted, be sure to examine the actual audit report, available from the FP Complete website and/or in a digitally signed publication from FP Complete.
As of this writing, the marks and certifications available from FP Complete include engineering underway, audit underway, bronze, silver, and gold. Here is an approximate summary of the criteria for each. We welcome community feedback on how to improve these criteria now and in the future.
FP Complete has been engaged by the client to assess and contribute to the project’s quality. This does not imply that improvements have yet been implemented. (We are considering not issuing this stamp until certain basic engineering practices have been set up.) This mark does not imply any audit, nor conversely does any audit mark imply this mark since FP Complete may audit projects to which it does not contribute.
FP Complete has been engaged by the client to audit the project. Since an audit result has not been published, this mark does not imply that any particular quality level has been achieved, nor that any problems identified so far have been published, nor that an audit is sure to pass. It merely means that either an audit certification will be delivered if so merited, or the client will be informed of areas for improvement.
Levels of Audit
A limited inspection has taken place, and the project meets a sufficient percentage of basic engineering criteria including source code management, project management, continuous integration systems, quality assurance practices, and technical documentation. Spot checks are made to seek evidence whether practices are being followed as described. Each examined area is found to be mostly compliant with best practices, and the nature of any noted exceptions is summarized in the published report.
In addition to the Bronze criteria, a much larger volume of documentation, code, and test cases are
In addition to the Silver criteria, a much larger amount of source code is spot-checked manually by a software engineer. Detailed coding practices are examined. More detailed DevOps practices are examined. Issue management and bug management are examined. Procedures for integrating and testing bug fixes are examined. Each examined area is found to be mostly compliant with best practices, and the nature of any noted exceptions is summarized in the published report. On the audit mark, three to five stars indicate the degree to which best practices have been complied with throughout all inspected areas. (Fewer than three stars prevent a Gold certification.)