Digidentity is certified against the requirements of standards, schemes and regulations
Information Security Management System
Digidentity implemented and maintains an Information Security Management System (ISMS) which is certified against the ISO/IEC 27001:2013 standard. The ISMS of Digidentity provides policies and procedures to maintain a high level of information security to protect our systems and customer data.
The ISMS manages security controls for logical and physical access, network security, human resource security, business continuity and disaster recovery, incident management and compliance.
Privacy Information Management System
Digidentity maintains a Privacy Information Management System (PIMS) which is certified against the ISO/IEC 27701:2019 standard for privacy management. We meet the requirements regarding responsibility and accountability for processing Personal Data.
With ISO/IEC 27701:2019 certification, Digidentity can demonstrate to customers and stakeholders that effective measures are in place to support compliance with GDPR and other related privacy legislation.
Digidentity implemented information security controls compliant with ISO/IEC 27017:2015 applicable to the provision and use of cloud services. The security controls cover responsibilities such as protection of virtual environments, virtual machine hardening and configuration, maintenance procedures, logging and monitoring.
Digidentity's attestation to the ISO/IEC 27017:2015 guidance demonstrates our ongoing commitment to align with international standards and confirms that we have controls in place that are specific to cloud services.
Securing Personal Data in the Cloud
Digidentity implemented information security controls to secure processing of personal data in the cloud compliant with ISO/IEC 27018:2019. With our ISO/IEC 27018:2019 certification, Digidentity established a baseline of security for all our services that process data in the cloud. The security measures implemented reduce security risks related to processing personal data in the cloud.
The security controls cover responsibilities such as protection of personal data in virtual environments, legal requirements of processing personal data, maintenance procedures, logging and monitoring.
Digidentity's certification to ISO/IEC 27018:2019 proves our commitment to comply with GDPR (Regulation (EU) 2016/679) and other data protection laws and regulations.
Quality Management System
Digidentity has implemented and maintains a Quality Management System (QMS) which is certified against the ISO 9001:2015 standard.
The QMS of Digidentity provides policies and procedures to maintain and improve the quality of our services to customers.
The QMS manages quality controls for product development, service delivery and customer satisfaction.
ETSI EN 319 401
General Policy Requirements for Trust Service Providers
Digidentity is compliant with ETSI EN 319 401 defining the general requirements for Trust Service Providers.
The ETSI EN 319 401 standard specifies baseline policy requirements on the operation and management practices of a Trust Service Provider. The general requirements cover controls for access management, network security, incident management, business continuity management and compliance.
Digidentity obtained the separate certificate for ETSI EN 319 401 in 2021; the certification had always been included in the ETSI 319 411 certification since 2011.
ETSI EN 319 411-1
Policy & Security requirements for TSP issuing public key certificates
Digidentity is certified against ETSI EN 319 411-1 defining the requirements for the issuance of public key certificates. Digidentity issues public key certificates for authentication, encryption, and non-repudiation as well as server certificates for authentication and encryption.
The ETSI EN 319 411-1 standard defines requirements for certificate life cycle (registration, issuance, revocation), security controls and compliance.
ETSI EN 319 411-2
Policy & Security requirements for TSP issuing EU qualified certificates
Digidentity is certified against ETSI EN 319 411-2 defining the requirements for the issuance of qualified certificates for electronic signatures. Digidentity issues qualified certificates for electronic signatures for personal and business use (eSGN Qualified) and electronic Seals for organisations (eSGN Seal).
The ETSI EN 319 411-2 standard defines requirements for certificate life cycle (registration, issuance, revocation), security controls and compliance.
EU Regulation 910/2014 (eIDAS) on electronic identification and trust services
Digidentity is certified against EU Regulation 910/2014 (eIDAS). eIDAS provides requirements for advanced and qualified electronic signatures, electronic Seals and electronic identification.
Digidentity issues qualified certificates for qualified electronic signatures for personal and business use (QES) and electronic Seals for organisations (Seal). Digidentity is a Qualified Trust Services Provider (QTSP) as defined in eIDAS. Digidentity is included on the EU Trust List for Trust Service Providers for issuance of EU qualified electronic certificates. Digidentity issues digital identities for eHerkenning (eID) which is eIDAS notified in Europe.
Digidentity is also inspected annually by the Dutch Supervisory Body, the Dutch Authority for Digital Infrastructure, on compliance with eIDAS for both Trust Services and eID.
EU Regulation 679/2016 (GDPR) on protection of personal data
Digidentity is compliant with the requirements in EU Regulation 679/2016 (GDPR) for protection of personal data.
Digidentity safeguards the privacy of our customers. Digidentity complies with the GDPR requirements: it performs Data Protection Impact Analysis (DPIA), keeps a record of processing activities, has agreed Processor Agreements, has a data breach response plan and an information security policy, and is transparent on the processing of personal data.
UK Digital Identity & Attributes Trust Framework
Digidentity is certified against the requirements from the UK Digital Identity & Attributes Trust Framework (known as Trust Framework) of the Department of Culture, Media & Sport (DCMS). The Trust Framework contains a set of rules and standards designed to establish trust in digital identity products in the UK.
Digidentity is certified as an IDSP (Identity Service Provider) to perform digital identity checks for the Right to Work (RtW), Right to Rent (RtR), and Disclosure and Barring Service (DBS) schemes, in line with the Trust Framework. Digidentity performs identity checks using the requirements in GPG44 and GPG45 that include identity document validation, biometric verification and fraud detection.
Digidentity is audited annually on compliance with the Trust Framework requirements by DISC from Age Check Certification Scheme from the UK (Certificate UKDIATF 2022/06) and (Certificate of Conformance).
Digidentity is listed as a certified IDSP on the GOV.UK website.