We signed new contracts with 9 certified companies in March 2015. We’re coming to the end of the process in which certified companies work to meet all the standards and complete all the tasks needed to start providing services through GOV.UK Verify under the new contracts.
Following some questions from readers of the blog, we thought it might be useful to summarise what that process involves.
Certified companies are there to give users safer, simpler and faster access to government services through GOV.UK Verify. It’s important that they prove to users and government that they’re capable of doing this well, and that users can trust them to do so.
To join GOV.UK Verify, each company has to meet all the requirements under the contract. This includes:
- going through a series of tests to prove that their service works for users, is secure, meets the required standards, has the right technical and user support in place and provides the services the company promised in their bid
- gaining independent certification for their approach to information security (ISO27001 or equivalent)
- working towards independent certification that they meet the required identity assurance standards (this process can only be fully completed after a period of live operation)
- putting in place the right arrangements for management information and reporting and ongoing improvement in response to feedback
We’ve posted before in more detail about making sure certified companies are ready to connect.
After certification and connection to GOV.UK Verify, the companies commit to continuously meet standards and improve, based on detailed analysis of performance and user experience.
Subscribe to the blog to keep up to date with the latest on GOV.UK Verify's certified companies