Both customers and users of ReadID trust us with highly privacy-sensitive information. InnoValor has the responsibility not only to be secure, but also to show that we are secure. We do this via certifications, granted by independent auditors. Customers can rely on these certifications, saving the costs and overhead associated with doing their own due diligence and audits on our information security.
We have been ISO/IEC 27001 certified since 2018, which can be considered a baseline or ‘hygiene’ information security certification. For InnoValor, having more than ISO/IEC 27001 is a differentiator: it gives our products a competitive edge and assures our customers that we see the security of their information as a top priority for our business.
ISO/IEC 27001 – Information security management
InnoValor’s ISO/IEC 27001 certification certifies that we have an appropriate Information Security Management System (ISMS) in place. That means that we:
- Systematically examine the organisation's information security risks, taking into account the threats, vulnerabilities, and impacts;
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
- Adopt an overarching management process to ensure that the information security controls continue to meet the organisation's information security needs on an ongoing basis.
ISO/IEC 27701 – Privacy management
Whereas the ISO/IEC 27001 certificate provides baseline security for our ReadID customers, our ISO/IEC 27701 certificate takes it to the next level by adding data-privacy-specific extensions. ISO/IEC 27701 is relatively new and much less common than ISO/IEC 27001. ISO/IEC 27701 differentiates ReadID and underlines our continuous efforts to ensure trusted identity verification.
Privacy is a key aspect of our product ReadID, as our solutions have access to many millions of identity documents. We take our responsibility for the privacy of the holders of these documents very seriously.
InnoValor’s ISO/IEC 27701 certification demonstrates that we have established and implemented an effective Privacy Information Management System extending our ISO/IEC 27001 Information Security Management System. This means that we have all the required security and privacy controls in place to securely process personal data as a controller as well as a processor.
eIDAS module certification for Qualified Trust Service Providers
eIDAS 910/2014 is an EU regulation that establishes trust in electronic transactions between individuals, organisations and government entities across European Member States. Its two cornerstones are electronic identification and digital signatures. The module certification is about the latter: it specifies rules for trust services to simplify and standardise digital signatures across Europe. InnoValor provides identity data and document verification services for qualified trust service providers operating under the eIDAS regulation. ‘Qualified’ is the highest trust level: a digital signature at a qualified level is legally equivalent to a wet signature. For these services, InnoValor has been certified as compliant with the applicable eIDAS requirements as well as the relevant ETSI EN 319 401 and ETSI EN 319 411-1/2 standards for qualified trust service providers issuing qualified certificates.
eIDAS eID module certification for assurance level High
The eIDAS 910/2014 regulation establishes trust in electronic transactions between individuals, organisations and government entities across European Member States. Next to digital signatures, it specifies rules for electronic identification to simplify and standardise electronic identities (eIDs), i.e., authentication solutions, across Europe. InnoValor’s ReadID provides identity data and document verification services for electronic identity providers that issue eIDs under eIDAS.
Compared to Know Your Customer (KYC) and authentication practices in the financial sector that are typically on an eIDAS Substantial level, ReadID is therefore audited to be trusted at a higher level than Substantial.
eIDAS Trust Services Document Repository
ReadID SaaS with SDK
eIDAS Trust Service Policy and Practice Statement for ReadID SaaS with SDK (version 1.2)
eIDAS Trust Service Policy and Practice Statement for ReadID Ready (version 1.2)
ReadID eIDAS LoA mapping for eID
ReadID eIDAS LoA mapping for eID (version 1.2)