Digidentity B.V.

Organisation and Business Identity Verification

Digidentity's Organisation and Business Identity verification service connects a verified identity to an organisation and authorises that person to act on behalf of the company.

Features

• Verify Identity to UK and EU standards
• Bind individuals to businesses/companies/domains
• Authorise individuals to act on behalf of an organisation
• Apply digital signing capability at Basic; Advanced and Qualified
• Remote set-up

Benefits

• Strong Identity Assurance
• Secure authentication
• Fraud prevention
• Improves business processes
• Digital signing capability
• Helps save time and cost

£2.50 to £20.00 a user a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales_UK@digidentity.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

495864371975763

Contact

Jonathan Evans
+44(0)330 60 60 732
sales_UK@digidentity.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: This service builds on our citizen Identity platform, which serves GOV.UK Verify. Because of our standards-based approach to Identity, users who have existing Identity accounts. via Verify, are able to use these to support their business Identity account application.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • Digidentity supports iOS 10 and later software
  • Digidentity supports apple iPhone 5 and later
  • Digidentity supports Android 4.1 and later software
  • Requires an internet connection and a browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Digidentity provides Telephony, Chat and E-mail support.; ; For Telephony and Chat the response is in real time. For e-mail our average response time is 24 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We have taken users through the requisite testing to ensure compliance with the GOV.UK Verify Framework.
• Onsite support: Yes, at extra cost
• Support levels: We support users 7 days week (except for bank holidays).; ; 08:00 – 22:00 on weekdays and 08:00 – 17:00 at weekends.; ; WebChat support accessibility standard: WCAG 2.0 AA or EN 301 549 9: Web.; ; We do client integration support 24/7 through phone and e-mail.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our integration team works with purchasing organisations via a combination of physical meetings and online workshops to ensure a smooth and quick launch of the service. Technical support, user documentation, and appropriate levels of training are provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: No data from the purchasing organisation is stored.
• End-of-contract process: Digidentity will work with the purchasing organisation to ensure an orderly wind down of the service. There are no additional end-of-contract costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The process is the same, but optimised for mobile experience. A user is able to switch, seamlessly, between the mobile and web journeys. They are able to leave and pick-up an application from where they left off irrespective of device or operating system.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: G-SAML OAuth 2.0 and OIDC protocols supported.; ; We also have two SDKs, which offer customers/buyers the ability to consume the full range of Digidentity's platform components in any configuration required. ; ; The SDK(s) also provides the requisite tools that affords the customer/buying organisation the option to fully customise the UX making for a seamless user experience.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Comprehensive usability testing is undertaken on our service as part of our overall certification. Insight testing is conducted with a broad range of users to ensure we provide a service that meets the important access issues for people with disabilities, in addition to the usability problems that might be faced by all users.; ; The implementation of design patterns for the use of assisted technologies, for example screen readers, are included in our automated continuous integration testing.
• API: Yes
• What users can and can't do using the API: Service providers connect to our service through our API. The API supports G-SAML OAuth 2.0 and OIDC protocols for authentication and authorisation. The service provider is required to conform to the profile, authentication contexts and attribute schema.; ; Successful performance of compliance tests is required prior to live running. The service provider generate authentication requests and translate the response using the API.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The solution can be customised to the needs of the buyer. This includes the front-end as well as the checks that need to be performed. ; ; Our system can be integrated easily and quickly and our platform is easily configurable to offer buyers the flexibility to request the information they require.; ; A customised set-up will be carried out for each buyer ensuring the specific requirements of each customer is met.

Scaling

• Independence of resources: Our service is highly scalable, designed to handle high volumes of traffic and able to expand capacity to manage peaks in demand. We constantly review volumes to ensure that capacity runs ahead of demand.

Analytics

• Service usage metrics: Yes
• Metrics types: MI reports include key data covering usage, performance and outcomes where available and applicable.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Our users are able to deactivate and permanently delete all personal information from their Digidentity accounts at any time. Other forms of data extraction is possible and can be agreed on an individual basis in collaboration with the buyer.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Digidentity operates a fully resilient system. Our operating standard is minimum 99.5% availability. Remediation terms subject to contract.
• Approach to resilience: Digidentity Service Resilience Architecture is available on request.
• Outage reporting: For any service outage we report via notifications for the user to see on a public dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
• Access restrictions in management interfaces and support channels: We operate a role-based access management approach to ensure everyone in the company has the appropriate level of access. This is reviewed on a regular basis.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 26/03/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ETSI EN 319 411-1
  • ETSI EN 319 411-2
  • TScheme
  • ISO/IEC 27001:2013
  • ISO27017:2015
  • ISO27018:2019
  • EU Regulation 910/2014

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Digidentity Information Security Management System (ISMS) is based on ISO27001 compliance with a formal governance structure based on Information Security policy, standards and guidelines. For certain government contracts, Digidentity is certified to ISO27001.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All tickets associated with change management are tracked via JIRA and Project Roadmaps. Stakeholders are informed and able to provide feedback. ; ; Digidentity's change management approach is intended us to assess the impact of a change and the risks involved.; ; These are the guidelines used:; ; (1) What is the issue?; (2) What is the proposed solution?; (3) What are the requirements for this change?; (4) What is the impact (time, security, legal) of the change?; ; This assessment considers how the event could impact costs, schedule, criteria. Documents are continuously up-dated as part of the process.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: As part of ISO 27001:2013 compliance and ETSI compliance our process has regular vulnerability scans and penetration tests. According to our Patch management policy, patches will be applied no later than 6 months after issuance. Information about potential threats comes from internal and external vulnerability scan results and penetration test results.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have monitoring and alerting in place. The system is scanned daily via monitoring applications, any potential risks reported. An alert will be sent to the team to assess and handle any risk identified. Any potential compromise is taken up as an incident, processed through the incident management procedure. Incident response times:; ; Priority 1 – 10 minutes to react – 4 hours to resolution; Priority 2 – 10 minutes to react – 8 hours to resolution; Priority 3 – 30 minutes to react – 72 hours to resolution; Priority 4 – 30 minutes to react – 5 days to resolution
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident Management process is implemented to ensure an effective and consistent approach in the management, handling, recording and follow up of all incidents which occur within the business activities of Digidentity. The term incident is used to describe incidents which are related to services, data and information security.; ; The framework for each incident is the same: Identification, reporting, classification, investigation and evaluation. ; ; Incidents shall be reported as soon as detected. The Incident Manager will classify the incident and inform the other incident managers. Depending on classification, the relevant incident manager(s) will be assigned. ; ; A more detailed description available on request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: GOV.UK Verify

Social Value

• Fighting climate change:

  Fighting climate change

  Digidentity is committed to tackling climate change and reduce carbon emissions. We are well on the way to achieve net zero ahead of 2050. In the last 18 months or more, have undertaken several transformational steps to reduce our own greenhouse gas emissions. ; In 2020 we invested in the development and certification of a new process for on-boarding users for our eSGN suite of services. As such the traditional face-to-face checks required for enrolment and on-boarding was replaced with a self-serve digital process using the Digidentity native app. This meant that we have been able to eliminate a lot of business travel, which has, in turn, helped us to become more environmentally friendly and helped us reduce our carbon footprint. Additionally, it has also supported our clients to the same end by reducing their requirement to travel.; Furthermore, we have closed some of our offices and introduced a more flexible working work policy. This was designed to offer colleagues a better work/life balance, but has had the added benefit of reducing travel consequently lowering our carbon footprint.
• Covid-19 recovery:

  Covid-19 recovery

  The Digidentity suite of services directly address the challenges that COVID-19 has impacted on the traditional ways citizens access and use essential services. Digidentity offer users a way of proving who they are to access public and private sector services in a fast, secure and compliant way. ; We are the only Qualified Trust Service Provider (QTSP) who can on-board users for a Qualified Electronic Signature (QES) via a fully remote self-serve process. This enables users to sign important documents to the highest level of digital signature compliant to a wet-signature under UK and EU law. ; Furthermore, Digidentity worked with DWP on their Universal Credit programme to ensure vulnerable customers were able to access a critical service digitally where it wasn’t possible to do so in-person. At its peak in April/May 2020 we were processing in excess of 100k per day.
• Tackling economic inequality:

  Tackling economic inequality

  Our entire suite of services is predicated on the principle that everyone should be able to have a digital identity. We subscribe to a risk-based model (as opposed to a binary one) that builds a trusted relationship with the user/citizen over time. Furthermore, we build our services using a range of data sources and technologies to ensure that users have the best chance of proving their identity to the required level. This approach supports economic inclusion because it allows a user to prove who they are even if they don’t have traditional documents such as utility bills or a deep credit footprint.; Our high-assurance, standards-based approach means that service providers can outsource their compliance obligations to Digidentity, which gives them a superior product at a lower cost. It will also mean for a faster acquisition of the customer. This allows smaller organisations (in particular) to invest the time and money they save into more innovative growth initiatives.

Pricing

• Price: £2.50 to £20.00 a user a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales_UK@digidentity.com. Tell them what format you need. It will help if you say what assistive technology you use.