ISO, NIST compliance updates for Proof, Arana, Yoti, authID
Arana Security, Yoti, Proof and authID have each announced compliance with data security standards to provide clients with assurance that their handling of biometrics is safe, while a national ID authority has paused third-party enrollments to ensure they meet international standards.
Arana Security Ltd obtains ISO 9001 certification
Arana Security Ltd. has recently announced its ISO 9001 certification. ISO 9001 certification holds several important implications for clients of Arana Security. The company’s certification signifies adherence to consistent quality, customer focus, risk management, continuous improvement, and transparency and accountability standards.
Achieving ISO 9001 certification involves rigorous assessment by an accredited certification body, to ensure that the organization’s quality management practices align with the standard’s principles. After completing this process, they must maintain ongoing compliance through surveillance audits and continuous improvement.
Companies aiming to achieve ISO 9001 certification are asked to establish a robust quality management system (QMS) and conduct an internal audit to identify and address any gaps in the QMS.
Yoti meets two new ISO standards
Yoti has announced its recent ISO 9001 and ISO/IEC 27701 standards certifications. These are in addition to its ISO/IEC 27001 certification, which it has held since 2015.
ISO 27701 is an international framework for data privacy. Most countries have laws on data protection and privacy. Those laws tell a company what it needs to do to comply. Though they are broadly similar, some details tend to differ across jurisdictions. To allow for these differences, ISO 27701 guides companies on best practices for managing their privacy and data protection activities. Companies must document how their practices adhere to the standard’s requirements. Internal and third-party auditors must also audit them.
ISO 27701 relies on ISO 27001, the information security management system (ISMS) standard. ISO 27001 provides companies with guidance for establishing, implementing, maintaining and improving an ISMS.
Proof certified for NIST IAL2 compliance
Proof, a remote online notarization and digital signatures company, has announced that the Kantara Initiative has certified its Identity Assured eSignature service to be compliant with the National Institute of Standards and Technology’s (NIST) SP 800-63 rev.3 standard at Identity Assurance Level 2 (IAL2). Kantara’s Trust Mark certifies that Proof meets NIST’s rigorous digital identity verification requirements.
This marks the first organization approved by Kantara that connects an electronic signature to an IAL2-compliant all-in-one identity platform, according to the announcement. Proof says it is the only platform that meets the regulatory requirements for agreements with stricter electronic signature standards. IAL2 is rapidly becoming the new standard for government and industry to ensure trust in their most critical agreements.
“Our vision at Kantara is to ensure all identity-based online transactions are secure, and signatures are no exception,” says Kay Chopard, executive director of Kantara Initiative. “Proof’s solutions adhere to the most rigorous identity verification standards, reflecting their commitment to providing trustworthy signatures which will protect businesses and consumers.”
For digital agreements, Proof provides the technology to validate government-issued IDs and confirm identity through biometric verification. If this process needs to be escalated to a human, Proof will instantly connect the customer with a trusted referee to have their identity verified with a notary face-to-face.
Travis Jarae, CEO of digital identity strategy and market analysis firm Liminal, comments: “Digital identity is not just constrained to onboarding or checkout. Businesses need to protect all customer interactions, which includes the agreements they have customers sign. We’re thrilled to see Proof advance the standards around electronic signatures, just as they have done with online notarization.”
authID renews ISO 27001:2013 certification for biometric platform
AuthID has announced the renewal of its certification as an ISO 27001:2013 certified provider whose Information Security Management System (ISMS).
Issued by A-LIGN, an independent and accredited third-party auditor, the renewed ISO 27001 certification proves that authID has implemented rigorous international security management standards for its biometric identity proofing and authentication system.
AuthID’s patented biometric identity platform provides security to protect workforce and consumer platforms against identity fraud and unauthorized access due to compromised credentials. The company provides document-based identity verification for fraud prevention during digital onboarding, and then binds the user’s identity to a cloud biometric root of trust to protect against phishing and account takeover attacks. FIDO2 passwordless login and account recovery and authentication can then be performed with a secure and portable biometric selfie.
This renewed ISO certification builds on authID’s existing security standards compliance, including ISO 30107-3 Level 1 and 2 for Presentation Attack Detection (PAD) and its previous attestations for SOC 2 compliance.
“Ever-increasing cyberthreats mandate the deployment of ‘zero trust’ cybersecurity and risk management strategies,” said Thomas Szoke, Chief Technology Officer of authID. “The renewal of our ISO 27001 certification reaffirms authID’s commitment to offering our customers the highest level of assurance that our systems operate within a secure environment while delivering fast, accurate and seamless identity experiences.”
Nigeria reviews enrollment partner compliance
Nigeria’s National Identity Management Commission (NIMC) has announced that all National Identification Number (NIN) enrollment activities at its Front End Partner (FEP) centers have been temporarily suspended, pending the outcome of its FEP revalidation exercise. The revalidation exercise for all FEPs is a prerequisite for renewing the centers’ licenses.
The exercise is part of the NIMC’s ongoing efforts to drive operational efficiency and ensure compliance with data security standards amongst the FEPs, which enroll the biometrics of NIN applicants.
NIN enrollment, data modifications, and other NIMC-offered services will be available nationwide at all NIMC offices to ensure this exercise does not negatively impact the public. NIMC is working on a contactless solution for Nigerians living or working outside the country.