iProov has a well-defined set of business processes and corporate governance, which provide accountability, responsibility and transparency to our customers and partners.
All iProov authentication solutions have been inherently designed for privacy and the business is certified to ISO/IEC 27001:2013. iProov complies with GDPR (Regulation (EU) 2016/679), which means that all biometric images can only be used under agreed and specific terms (user authentication, fraud detection, maintenance of these methods). iProov is regularly and exhaustively tested by governments and enterprises. In June 2020, the company was comprehensively and extensively tested by an independent company on behalf of the US Department of Homeland Security. Cutting-edge techniques were used to try to spoof the system, and these were successfully blocked by iProov.
iProov is ISO 27001 compliant and maintains this status continuously with annual audits. Importantly, the ISO certification scope covers the whole company, including all the products and services it provides, controlled from the iProov office location in London.
iProov is compliant with ISO/IEC 30107-3 following performance assessment of our presentation attack detection by the UK National Physical Laboratory (NPL). It has been awarded Level 1 and Level 2 confirmation by iBeta.
eIDAS 910/2014 is an EU regulation that establishes trust in electronic transactions between individuals, organizations and government entities across the European Member States. One of the regulation’s key strengths is the issuance and verification of electronic or digital signatures. The module certification specifies rules for trust services to simplify and standardise digital signatures across Europe.
iProov provides verification and authentication services for qualified trust service providers operating under the eIDAS regulation. ‘Qualified’ is the highest trust level – a digital signature at a qualified level is legally equivalent to a wet signature. For these services, iProov has been certified as compliant with the applicable eIDAS requirements as well as the applicable ETSI EN 319 401 and ETSI EN 319 411-1/2 standards for qualified trust service providers issuing qualified certificates.