The latest in our series of Good Practice Guides (GPG 46) is now available on GOV.UK.
This guide deals with proving the authenticity (identity) of a legal organisation, such as a business, partnership, charity, government body or other public sector organisation.
Within the UK there are no official attributes that are used to uniquely identify every form of legal organisation. Some organisations are required to be registered with a public authority, but most organisations recognised by law are not.
Under UK Law a legal organisation is a distinct legal entity separate from its members. The members of an organisation operate and bind it, however members actions are "for and on behalf of" the organisation and not their own. Whilst an organisation can be bound by the actions of its members it can never take actions by itself, it always needs a member to act on its behalf.
The implication for identity assurance is that an organisation must always be bound to a person. There are two main questions to answer:
1. Is the organisation genuine?
2. Is the person acting for the organisation a real person and are they authorised to act on behalf of that organisation?
These are obviously difficult challenges to overcome. Our approach, as with citizen identity assurance, is to create the standards which will enable suppliers to devise services.
Scope of the guide
This GPG is designed to demonstrate how you might prove that the person, the organisation and the person’s relationship to the organisation, is genuine. Also, that the individual claiming to be acting on behalf of the organisation is someone who is authorised to act on its behalf.
Who should read it?
This document should be read by people in organisations that are responsible for identity proofing other organisations where any government department or service will be relying on the identity of that organisation. This includes those responsible for the procurement, assessment or delivery of an identity assurance (IdA) service.