FB pixel

For Kantara, ISO 17065 means more clarity, flexibility in certification

New CTO breaks down ‘dictatorial’ standard for accredited certification bodies
Categories Biometric R&D  |  Biometrics News  |  Trade Notes
For Kantara, ISO 17065 means more clarity, flexibility in certification
 

Kantara Initiative is transitioning its U.S. operations to the ISO/IEC 17065 standard for conformity assessment. In a video presentation, Kantara’s Chief Technology Officer Dr. Carol Buttle provides a brief primer on how the change will benefit digital identity service providers (IDSP) and other companies undergoing identity assurance assessments, what it means for Kantara – and why, exactly, Kantara is making the change.

Larger shifts in digital identity ecosystem drive change

For identity verification providers, the benefits of a trustmark include increased customer confidence, proof of regulatory compliance, and the contribution to a level, unbiased playing field across the digital ID industry internationally.

But none of that matters if the certifying body can’t be trusted. ISO/IEC 17065 codifies trust, ensuring that the organization bestowing it is legitimate and qualified to do so.

Buttle says Kantara is adopting it in the U.S. (it already applies in the UK) to line up with shifts in the larger digital ecosystem – “digital identity, AI, wallets, you name it, that whole industry.” As the ecosystem grows, risks proliferate, and gaps in legislation become apparent. Hence the demand for increased governance in the form of internationally recognized certification schemes, which help organizations like Kantara set boundaries and draw clear lines.

ISO/IEC 17065 provides “requirements for bodies that perform certification of products, processes and services.” In effect, it accredits those who certify others, laying down a clear framework for robust certification processes grounded in the principles of integrity, impartiality, competence, consistency, reliability, transparency, accountability and confidentiality.

‘Quite stringent, quite harsh’: standard demands genuine expertise

Providing a detailed breakdown of Kantara’s certification process under 17065, from testing and evaluation through the issuance of a trustmark, Buttle says the standard sets “a very high bar in terms of what Kantara needs to prove.”

Requirements listed in 17065 are divided into five categories: general requirements, structural requirements, resource requirements, process requirements and management systems requirements. Buttle emphasizes the stringency of the standard, and how that reflects on Kantara and its team.

“17065 is quite dictatorial in the fact that anybody who’s actually operating under this must have people who can prove their competence, and must be specialists in their areas,” she says. “That means that they’ve got to be specialist certification people, specialist auditors and people who actually understand what it is that they’re evaluating.”

Standard allows blended teams for expertise across competencies

Shifting to ISO/IEC 17065 means Kantara’s processes will be more transferable and adaptable to change. (It works in concert with a network of interrelated standards on conformity assessment, including ISO/IEC 17025, which accredits biometric labs.)

The breadth of the standard will put the organization in a better position to offer clear projections on cost, duration and scope of certification. And there is more flexibility in the composition of audit and certification teams, “so that if somebody is an absolute expert in GDPR, for instance, and somebody else is an absolute expert in biometrics, you can put a team together based on those competencies.”

Finally, says Buttle, “the difference is that as we move to this process we will be acting as a qualified accredited conformity assessment body (CAB), which means that we will be able to issue actual certificates” in the U.S.

Related Posts

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics connecting ID and payments through digital wallets, apps and passkeys

Biometrics are connecting with payment credentials, whether through numberless credit cards and banking apps or passkeys, as the concrete steps…

 

Reach of Musk, DOGE’s federal data access sets off privacy, security alarms

Led by tech billionaire Elon Musk and a shadowy team believed to be under his control, the United States DOGE…

 

Mobile driver’s licenses on the cusp of ‘major paradigm shift’

More entities have integrated the California mobile driver’s license (mDL) credential for identity verification. Although just 15 states have introduced…

 

Gesture-based age estimation tool BorderAge joins Australia age assurance trial

Australia’s age assurance technology trial is testing the new biometric tool that performs age estimation based on hand gestures. The…

 

European AI compliance project CERTAIN launches

The pan-European project to create AI compliance tools CERTAIN has kicked off its work, with the goal of making European…

 

Signaturit Group acquiring Validated ID for undisclosed sum

Spain-based digital identity and electronic signature provider Validated ID is being acquired by Signaturit Group, a European company offering identity…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events