Compliance Repository

iProov takes compliance very seriously, and complies with a number of industry standards. 

ISO 27001:2013

iProov is ISO 27001:2013 Information Security Management System (ISMS) certified.

What is it?
ISO/IEC 27001:2013 is the international standard for information security. ISO 27001’s best-practice approach helps organizations manage their information security by addressing people, processes, and technology.

What does it mean?
Certification to the ISO 27001 Standard is recognized worldwide and indicates that iProov’s ISMS is aligned with information security best practices.

iProov’s ISO Certificate number is 231387, and can be verified here: https://www.british-assessment.co.uk/verify-certification/

iBeta

ISO 30107-3 tested by iBeta

iProov’s Dynamic Liveness(R) and Express Liveness(TM) technology conforms with ISO/IEC 30107-3:2017 for testing Presentation Attack Detection (PAD) Levels 1 and 2.

What is it?
iBeta is a NIST NVLAP accredited biometrics testing lab (NVLAP Testing Lab Code 200962-0). iBeta Quality Assurance conducted Presentation Attack Detection (PAD) testing in accordance with ISO/IEC 30107-3. ISO/IEC 30107-3:2017 establishes:

• Principles and methods for performance assessment of presentation attack detection mechanisms;
• Reporting of testing results from evaluations of presentation attack detection mechanisms;
• Classification of known attack types

What does it mean?
iBeta has been conducting biometric testing as an independent third-party laboratory since 2012. During their testing of iProov’s technology, iBeta was not able to gain unauthorized access with Presentation Attacks (PA’s) yielding an overall PA success rate of 0%, which equates to the overall combined Imposter Attack Presentation Match Rate (IAMPR) of 0%. Independent testing reinforces the security of iProov assurance solutions.

ISO/IEC 19795-1:2006

iProov technology conforms with ISO/IEC 19795-1:2006 and is audited by the UK National Physical Laboratory (NPL)

What is it?
The UK National Physical Laboratory (NPL) NPL develops and improves methodologies for evaluating the performance of biometric systems, conducting evaluations and technical consultancy on biometric system performance, to lead to a more robust and accurate recognition. iProov’s methodology for testing biometric verification performance conforms to the relevant requirements of ISO/IEC 19795-1:2006, and these methodologies for testing presentation attack detection conform to ISO/IEC 30107-3:2017.

What does it mean?
iProov’s principles and methods to maintain the effectiveness of its presentation attack mechanisms are conformant to ISO/IEC 19795-1:2006

IRAP 

Audited to iRAP (Information Security Registered Assessor Program) in Australia. Achieving IPD 3 (Identity Proofing Level 3), the highest level.

What is it?
The Information Security Registered Assessors Program enables Australian Government customers to validate that appropriate controls are in place and determine the appropriate responsibility model for addressing the requirements of the Australian Government Security Manual (ISM) produced by the Australian Cyber Security Center (ACSC).

What does it mean?
IRAP assessment ensures that controls, people, processes, and technology are robust enough to protect the Australian Government from data breaches. iProov enables citizens to securely perform a proof of liveness test at identity proofing level three (IP3) which is necessary to access government services. IP3 is the highest level of assurance and is required to prevent the creation of fraudulent identities. Under the Australian government’s trusted digital identity framework (TDIF), IP3 requires a ‘high confidence’ in the claimed identity and is intended for services with a risk of serious consequences from fraud.

European GDPR (General Data Protection Regulation) (EU) 2016/679 & UK Data Protection Act 2018

iProov solutions comply with the highest level of privacy protection in the world; European GDPR (General Data Protection Regulation) (EU) 2016/679 and the UK Data Protection Act 2018.

What are they?
EU GDPR: The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. The GDPR is an important component of EU privacy law and of human rights law, in particular, Article 8 of the Charter of Fundamental Rights of the European Union. UK Data Protection Act: The Data Protection Act 2018 controls how your personal information is used by organizations, businesses, or the government. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

What do they mean?
Being compliant with GDPR and UK Data Protection demonstrates iProov’s robust data policies and processes, and strong understanding of privacy regulations.

eIDAS

eIDAS EN 319-401, plus modular certifications; eSig to Qualified level and eID assurance High. Due to annual eIDAS audits, also conformant to AMLD5 Article 24 (1)d. For this requirement, our Trust Service Practice Statement is publicly available in electronic format.

What is it?
eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market.

What does it mean?
iProov powered solutions conform to EN 319-401 certified by independent auditors including TÜV Austria CERT GmbH and Ernst & Young for conformance to eIDAS Clause 23 (d). In addition, iProov modular certification has been audited to Qualified level for eSig and Assurance level High for eID. Due to the regular and stringent audit processes, iProov’s algorithms also conform to AMLD5 Article 24 (1) d. These robust audits provide confidence in the rigor and strength of the solutions, minimize organizations’ operational overheads from separate audit processes, and speeding up time to market.

SOC 2 Type II

iProov is certified SOC 2 Type II

What is it?
SOC 2 certification is formed on a set of criteria called the Trust Services Principles, namely; Security, Availability, Processing Integrity, Confidentiality, and Privacy of the service providers system. SOC 2 Type II reports are the most comprehensive of the ‘3 SOCs”. This certification assures that the service provider’s system is designed with suitable organizational controls to ensure sensitive information is kept secure in the cloud.

What does it mean?
SOC 2 certification provides detailed information and assurance about iProov’s controls relevant to the security, availability, and processing integrity of the systems that we use to process users’ data and the confidentiality and privacy of the information processed by these systems.

WCAG 2.1 AA & Section 508

iProov solutions conform with WCAG2.1AA and EN 301 549 v 3.1.1 (2019-11) Section 508

What are they?
WCAG 2.1 AA The Web Content Accessibility Guidelines (WCAG) are a set of recommendations for making Web content more accessible, primarily for people with disabilities. US Section 508 was enacted to eliminate barriers in information technology, make available new opportunities for people with disabilities, and to encourage the development of technologies that will help achieve these goals.

What do they mean?
The iProov system does not require complex instructions for users to read, understand or execute, the user looks at the device, the device looks back and authentication is complete. Our user-centric design maximizes inclusivity, delivering the ability to onboard or authenticate users faster, with a simple and secure process. A Voluntary Product Accessibility Template (VPAT™) or EU Accessibility Statement is available upon request.

eID

iProov is certified to eID. iProov’s eID statement is publicly available in an electronic format below.

Please click here to view our eID certification

General Terms of Service

iProov’s general Terms of service may be found here.

For any prospective partners or customers, terms and conditions are encompassed in our Partner Service Agreement, which is available on request. 

iProov Privacy Policy

iProov’s Privacy Policy may be found here