Certifications
iProov takes compliance very seriously, and complies with a number of industry standards.
FIDO Alliance
iProov Dynamic Liveness® is the world’s first FIDO-certified solution for remote Face Verification, accredited by Ingenium Biometrics.
What is it?
The FIDO Face Verification Certification is the most rigorous evaluation program that assesses the reliability, usability, and security of remote identity verification systems.
What does it mean?
Dynamic Liveness has undergone extensive evaluation of its face matching and liveness detection capabilities, conformant to ISO 19795 and ISO 30107 standards. The technology thwarted every type of presentation attack, such as photos, masks, face morphs, videos, and presented deepfakes.
The FIDO certification confirms the solution’s robustness, affirming its unparalleled defense against evolving threats throughout the entire identity lifecycle. It sets a quality standard and highlights vendors’ abilities to protect consumers from presentation attacks and presented deepfakes.
ISO 27001:2013
iProov is ISO 27001:2013 Information Security Management System (ISMS) certified.
What is it?
ISO/IEC 27001:2013 is the international standard for information security. ISO 27001’s best-practice approach helps organizations manage their information security by addressing people, processes, and technology.
What does it mean?
Certification to the ISO 27001 Standard is recognized worldwide and indicates that iProov’s ISMS is aligned with information security best practices.
iProov’s ISO Certificate number is 231387, and can be verified here: https://www.british-assessment.co.uk/verify-certification/
iBeta
ISO 30107-3 tested by iBeta
iProov’s Dynamic Liveness® and Express Liveness™ technology conforms with ISO/IEC 30107-3:2017 for testing Presentation Attack Detection (PAD) Levels 1 and 2.
What is it?
iBeta is a NIST NVLAP accredited biometrics testing lab (NVLAP Testing Lab Code 200962-0). iBeta Quality Assurance conducted Presentation Attack Detection (PAD) testing in accordance with ISO/IEC 30107-3. ISO/IEC 30107-3:2017 establishes:
- Principles and methods for performance assessment of presentation attack detection mechanisms;
- Reporting of testing results from evaluations of presentation attack detection mechanisms;
- Classification of known attack types.
What does it mean?
iBeta has been conducting biometric testing as an independent third-party laboratory since 2012. During its testing of iProov’s technology, iBeta was not able to gain unauthorized access with Presentation Attacks (PAs), yielding an overall PA success rate of 0%, which equates to an overall combined Impostor Attack Presentation Match Rate (IAPMR) of 0%. Independent testing reinforces the security of iProov assurance solutions.
ISO/IEC 19795-1:2006
iProov technology conforms with ISO/IEC 19795-1:2006 and is audited by the UK National Physical Laboratory (NPL).
What is it?
The UK National Physical Laboratory (NPL) develops and improves methodologies for evaluating the performance of biometric systems, and conducts evaluations and technical consultancy on biometric system performance, leading to more robust and accurate recognition. iProov’s methodology for testing biometric verification performance conforms to the relevant requirements of ISO/IEC 19795-1:2006, and its methodologies for testing presentation attack detection conform to ISO/IEC 30107-3:2017.
What does it mean?
iProov’s principles and methods to maintain the effectiveness of its presentation attack mechanisms are conformant to ISO/IEC 19795-1:2006.
IRAP
Audited to IRAP (Information Security Registered Assessor Program) in Australia, achieving IPD 3 (Identity Proofing Level 3), the highest level.
What is it?
The Information Security Registered Assessors Program enables Australian Government customers to validate that appropriate controls are in place and determine the appropriate responsibility model for addressing the requirements of the Australian Government Security Manual (ISM) produced by the Australian Cyber Security Center (ACSC).
What does it mean?
IRAP assessment ensures that controls, people, processes, and technology are robust enough to protect the Australian Government from data breaches. iProov enables citizens to securely perform a proof of liveness test at identity proofing level three (IP3), which is necessary to access government services. IP3 is the highest level of assurance and is required to prevent the creation of fraudulent identities. Under the Australian government’s Trusted Digital Identity Framework (TDIF), IP3 requires a ‘high confidence’ in the claimed identity and is intended for services with a risk of serious consequences from fraud.
European GDPR (General Data Protection Regulation) (EU) 2016/679 & UK Data Protection Act 2018
iProov solutions comply with the highest level of privacy protection in the world: European GDPR (General Data Protection Regulation) (EU) 2016/679 and the UK Data Protection Act 2018.
What are they?
EU GDPR: The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. The GDPR is an important component of EU privacy law and of human rights law, in particular, Article 8 of the Charter of Fundamental Rights of the European Union.
UK Data Protection Act: The Data Protection Act 2018 controls how your personal information is used by organizations, businesses, or the government. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
What do they mean?
Being compliant with GDPR and UK Data Protection demonstrates iProov’s robust data policies and processes, and strong understanding of privacy regulations.
eIDAS
eIDAS EN 319-401, plus modular certifications; eSig to Qualified level and eID assurance High. Due to annual eIDAS audits, also conformant to AMLD5 Article 24 (1)d. For this requirement, our Trust Service Practice Statement is publicly available in electronic format.
What is it?
eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market.
What does it mean?
iProov-powered solutions conform to EN 319-401, certified by independent auditors including TÜV Austria CERT GmbH and Ernst & Young for conformance to eIDAS Clause 23 (d). In addition, iProov modular certification has been audited to Qualified level for eSig and Assurance level High for eID. Due to the regular and stringent audit processes, iProov’s algorithms also conform to AMLD5 Article 24 (1) d. These robust audits provide confidence in the rigor and strength of the solutions, minimize organizations’ operational overheads from separate audit processes, and speed up time to market.
SOC 2 Type II
iProov is SOC 2 Type II certified.
What is it?
SOC 2 certification is based on a set of criteria called the Trust Services Principles, namely Security, Availability, Processing Integrity, Confidentiality, and Privacy of the service provider’s system. SOC 2 Type II reports are the most comprehensive of the ‘3 SOCs’. This certification assures that the service provider’s system is designed with suitable organizational controls to ensure sensitive information is kept secure in the cloud.
What does it mean?
SOC 2 certification provides detailed information and assurance about iProov’s controls relevant to the security, availability, and processing integrity of the systems that we use to process users’ data and the confidentiality and privacy of the information processed by these systems.
W3C WCAG 2.2 AA & Section 508
iProov solutions conform with W3C WCAG 2.2 AA and Section 508.
What are they?
WCAG 2.2 AA: The Web Content Accessibility Guidelines are a set of recommendations for making Web content more accessible, primarily for people with disabilities.
US Section 508: Section 508 was enacted to eliminate barriers in information technology, make new opportunities available for people with disabilities, and encourage the development of technologies that will help achieve these goals.
What do they mean?
The iProov system does not require complex instructions for users to read, understand, or execute – the user looks at the device, the device looks back and authentication is complete. Our user-centric design maximizes inclusivity, delivering the ability to onboard or authenticate users faster, with a simple and secure process. A Voluntary Product Accessibility Template (VPAT™) or EU Accessibility Statement is available upon request. Learn more about WCAG 2.2.
eID
iProov is certified to eID. iProov’s eID statement is publicly available in an electronic format below.
Please click here to view our eID certification
General Terms of Service
iProov’s General Terms of Service may be found here.
For any prospective partners or customers, terms and conditions are encompassed in our Partner Service Agreement, which is available on request.
iProov Privacy Policy
iProov’s Privacy Policy may be found here.