NADRA achieves international certification for security of biometric data
A trio of entities has announced certification for ISO/IEC 27001 to show their respective adherence to international cybersecurity standards and safe handling of biometric data. The international certification refers to the standard for information security management systems (ISMS) and their requirements.
The guidelines enable organizations to manage the security of various assets, including financial information, intellectual property, employee data and information entrusted by third parties.
The first of the entities on our list is Pakistan’s National Database and Registration Authority (NADRA), which said it received the certification in recognition of its commitment to protecting and safeguarding its information assets. Those assets include all of the biographic and biometric data held by the national digital ID system.
“International Standards Organization certification reflects that NADRA processes of managing its ID assets are governed by international standards, as endorsed by a third party audit,” comments NADRA Chairman Tariq Malik.
The executive explained that security by default (SbD) and privacy by design (PbD) protocols are important strategies for NADRA’s product and service development life cycle.
“This further reinforces NADRA’s commitment to maintaining security and integrity of citizen data and validates the security built into the application design and processes,” Malik adds.
NADRA also holds several other ISO certifications, including for ID card printing.
The certification comes weeks after Malik discussed Pakistan’s digital journey and future prospects.
Imprivata and Avatier
U.S.-based digital identity security and biometrics firm Imprivata also recently received ISO 27001 compliance and ISO 27701 certification.
The latter standard provides guidance for establishing, implementing, maintaining and improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of a company.
“We are honored to have achieved accreditation that validates conformity and certifies Imprivata’s information security and privacy information management systems against the strict ISO 27001 and 27701 standards,” comments Al Colon, Imprivata’s global head of security and compliance.
“These certifications demonstrate our continued commitment to information security at every level to ensure customers that the security of their data has been addressed, implemented, and properly controlled in all areas of our organization.”
Imprivata has also recently contributed to a research paper showing how digital identity improved infection control during the Covid pandemic.
The third entity receiving ISO 27001 certification is Avatier, an identity management and governance platform provider.
The company said it was certified by A-LIGN, an independent and accredited certification body based in the U.S. that also certified authID.ai.
“This certification demonstrates Avatier’s continued commitment to information security at every level and ensures our customers that the security of their data and information has been addressed, implemented, and properly controlled in all areas of their organization,” commented Avatier CISO Jeremy Russeau.
The certification comes more than a year after Avatier launched its passwordless biometric service for remote workers.