https://identityassurance.blog.gov.uk/2016/02/25/becoming-a-gov-uk-verify-certified-company/

Becoming a GOV.UK Verify certified company

We signed new contracts with 9 certified companies in March 2015. We’re coming to the end of the process in which certified companies work to meet all the standards and complete all the tasks needed to start providing services through GOV.UK Verify under the new contracts.

Following some questions from readers of the blog, we thought it might be useful to summarise what that process involves.

Certified companies are there to give users safer, simpler and faster access to government services through GOV.UK Verify. It’s important that they prove to users and government that they’re capable of doing this well, and that users can trust them to do so.

To join GOV.UK Verify, each company has to meet all the requirements under the contract. This includes:

  • going through a series of tests to prove that their service works for users, is secure, meets the required standards, has the right technical and user support in place and provides the services the company promised in their bid
  • gaining independent certification for their approach to information security (ISO27001 or equivalent)
  • working towards independent certification that they meet the required identity assurance standards (this process can only be fully completed after a period of live operation)
  • publishing terms and conditions and a privacy policy for users
  • putting in place the right arrangements for management information and reporting and ongoing improvement in response to feedback

We’ve posted before in more detail about making sure certified companies are ready to connect.

After certification and connection to GOV.UK Verify, the companies commit to continuously meet standards and improve, based on detailed analysis of performance and user experience.

Subscribe to the blog to keep up to date with the latest on GOV.UK Verify's certified companies

3 comments

  1. Malcolm Doody

    Both this page and "How the GOV.UK Verify technical architecture protects users' privacy, and why it's appropriate" page have empty bullet points in the "You may also be interested in:" section at the end. Are there missing entries, or just one too many bullets?

    Link to this comment
    • Rebecca Hales

      Thanks for your comment, Malcolm. We've tidied up those rogue bullet points now.

      Link to this comment
  2. MarkK

    "attesting the authenticity of deeds and writings" is a notarial function, regulated by the Faculty Office of the Archbishop of Canterbury, based on the 1533 Ecclesiastical Licences Act. Do all these companies, who are attesting authenticity, regulated by that office, and if not, why not?

    Link to this comment