Providers of digital identity services
Information for providers of accredited digital identity services, including the application process.
Application process
Expected availability: late .
Who checks and approves the applications
The Trust Framework (TF) Authority handles the accreditation process for providers of digital identity services.
What the Trust Framework Authority checks — requirements
Accredited providers must demonstrate their ability to meet the:
- rules and regulations
- identification management standards
- Digital Identity Services Trust Framework Act — New Zealand Legislation.
Four key areas for the assessment
The TF Authority will review the controls you have in place. It will then make a decision about whether those controls properly manage the risks. The TF Authority will assess the following 4 areas.
1 — Provider
An assessment of the provider’s operational capability, confirming they meet the requirements set out in the legislation and regulations.
2 — Identification management
An assessment of the digital identity service against the identification standards. For areas not covered in the standards, an assessment against any TF Authority rules in identification management, sharing, facilitation and authorisation. There needs to be a live demonstration of the digital identity service.
3 — Privacy
An assessment of the provider’s compliance with the privacy-based rules and privacy principles.
4 — Security
An assessment of the provider’s compliance with the rules for security, information and data management, using relevant standards where applicable.
Successful accreditation
If accredited, you can deliver the accredited service or services under the Trust Framework and display an accreditation mark that applies to each accredited service.
TF Authority monitors compliance and performance
During accreditation, the TF Authority will monitor provider compliance and performance and has the power to investigate and audit trust-framework providers’ compliance with the Act, rules and regulations.
When to renew your accreditation
Accreditation of a Trust Framework provider or service expires at the end of the period set by regulations, currently proposed to be 3 years (36 months) after the date the accreditation was granted by the TF Authority.