Overview of the Identification Management Standards

The New Zealand Identification Management Standards work together to provide assurance that an organisation has the right information about the right entities, helping minimise the risk of identity fraud.

Who should use these standards 

These standards are intended for use by public and private sector organisations and individuals who perform the role of a Relying Party and/or Credential Provider. 

Relying Parties

Organisations or individuals who carry out activities, such as providing entitlements, care, services, employment, and education, where they collect, store and maintain information about an entity.

This includes issuing or utilising authenticators — such as a swipe cards, pin numbers or passwords — to recognise those entities when they return in the future.

Table 1 describes the 3 assurance standards and the aspect of identification they relate to. 

Table 1: Assurance standards for Relying Parties 
Assurance standard Description

IA

Information Assurance

 Robustness of the process to establish the quality and accuracy of Entity Information

BA

Binding Assurance

 Robustness of the process to bind the Entity to Entity Information and/or Entity to Authenticator

AA

Authentication Assurance

 Robustness of the process to ensure an Authenticator remains solely in control of its holder

Credential Providers

Organisations that establish credentials — such as documents, licences and authenticators — that may be used to facilitate identification processes across multiple contexts. 

In addition to the standards in Table 1, Table 2 describes an additional assurance standard.

Table 2: Additional assurance standard for Credential Providers
Assurance standard Description

FA

Federation Assurance

 Additional steps undertaken to maintain the integrity, security and privacy of a credential used in many contexts

The approach to the standards development

The Identification Management Standards have been developed using the following overarching principles.

  • Risk-based approach — balancing effort with the risks posed by the service being delivered to the incorrect person.
  • Objective-based controls — controls that allow for multiple and evolving ways to meet them.
  • Channel and technology neutral — creating an environment where rules can be applied at a consistent level across delivery channels where environments and technologies change rapidly.
  • Privacy centric — supporting minimal data collection and consent-based information sharing.
  • No National ID — supports New Zealanders’ position regarding National ID.

Review of the standards

The Department of Internal Affairs (DIA) is responsible for the Identification Management Standards and continuously monitors developments in the field in order to identify business risks and improve practices.

If significant changes are identified, research may be undertaken, additional controls identified, and implementation timeframes specified.

Less significant changes and improvements may be addressed in updated guidance.

We welcome suggestions for how to improve these standards and guidance. Email your suggestions to identity@dia.govt.nz.

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated