Citizen ID
Suitable for health records. Proven at 50m+ user scale. CitizenID, a biometric enrollment for a 12-digit Unique Identification Number (UIN) that links to bank accounts aid financial inclusion, seamless Direct Benefits Transfer (DBT), Digital signatures, document storage, and multi-factor authentication ensure security. Piloting, monitoring, and continuous improvement drive nationwide rollout.
Features
- Integrated universal banking with unique citizenID linkage
- Credit scores based on citizenID data
- Payments enabled directly via cell phones
- Custom social benefits linked to citizen profiles
- CitizenID streamlines tax and fine collection
- Secure digital storage for critical documents
- Digital access to government services and employment
- Link health services to citizenID and track for capacity building
- Biometrics-enabled voting via cell phones
- CitizenID aids in monitoring government efficiency
Benefits
- Enhancing financial accessibility for all citizens
- Facilitating fair access to credit
- Simplifing transactions, enhances payment convenience
- Delivering targeted, effective social support
- Increasing efficiency in revenue collections
- Ensuring data integrity, security, consent to use
- Reducing bureaucracy, improving service delivery
- Streamling insurance claims and health services
- New channels to promote electoral participation and convenience
- Enhancing accountability and transparency in governance
Pricing
£24,985 to £84,985 a unit
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
5 6 1 3 3 2 4 4 9 4 6 2 6 2 5
Contact
Gaiasoft International Limited
Morel Fourman
Telephone: 02076924035
Email: morel.fourman@gaiasoft.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
- CitizenID offers comprehensive solutions for identity management and citizen services. It represents a specialized system crafted to meet the distinct needs of government agencies and organizations engaged in citizen identification and service provisioning. Consequently, for potential implementations, one must recognize that CitizenID necessitates tailored initial setup and implementation according to their specific requirements of the country. This implies that customization, integration, and maintenance processes may differ country to country, depending on needs and infrastructure.
- System requirements
-
- Hardware Servers sizing based on rollout plans
- Windows Licences
- Biometric Devices
- Firewall & Switches
- Backup and Recovery mechanisms for data integrity and availability
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
We have a Service Level Agreement based ticketing support.
Priority 1 tickets are responded to within 4 hours
Priority 2 tickets are responded to within 6 hours
Priority 3 tickets are responded to within 8 hours - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
-
1 Chatbot & FAQ Access: Our web chat features an intelligent chatbot equipped with a comprehensive FAQ module. Users can query this system for instant information about navigating and utilizing the platform. However, the chatbot is limited to providing information available in its database and cannot offer personalized medical advice. We can provide support for WhatsApp for business as on-demand integration.
2. Human Assistance: If the query exceeds the chatbot’s capabilities or requires personal interaction, the chatbot is designed to triage and seamlessly escalate the issue by connecting the user to a human agent. This ensures that complex concerns are addressed with a personal touch.
3. Ticketing Option: For issues that require further investigation or are not immediately resolvable, users have the option to open a support ticket directly through the chatbot. This feature is intended for non-urgent queries and users will receive a follow-up response based on the order the tickets were received. - Web chat accessibility testing
- NA
- Onsite support
- Yes, at extra cost
- Support levels
- We provide onsite training, installation, program build, program operate and program transfer support, if required
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We have multiple modes of training:
a) Onsite training in the form of "Train the Trainer" and provide them with adequate resources to train the rest of the staff.
b) Self Service through our Knowledge Base which has training videos on how to use the application.
c) Regular monthly training as a part of the monthly calendar to train new staff. (This is available on a chargeable basis.) - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- The data can be exported in Excel / CSV formats.
- End-of-contract process
- Off-boarding is carried out by our Service Management team and transition, termination and service closure can be determined upon request.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Mobile, iPad and tablets are compatible
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- The service accessible through the web interface with most browsers available in the market
- Accessibility standards
- None or don’t know
- Description of accessibility
- No
- Accessibility testing
- No
- API
- Yes
- What users can and can't do using the API
-
1. API Authentication: Users need to authenticate using their API key and token to interact securely with our APIs.
2. Create Requests: To set up a new service or resource in our application, users can make a POST request to the appropriate endpoint.
3. Documentation and Endpoints: Documentation available to customers on request providing available endpoints and required parameters for setting up different services.
4. Update Requests: Changes to existing resources can be made through PUT requests.
5. Batch Updates: For bulk changes, we may support batch requests to update multiple records at once, depending on the specific needs and the API's capabilities.
--Limitations--
1. Rate Limits: We impose rate limits to ensure fair usage and server stability. Exceeding these limits may result in temporary blocks.
2. Permission and Roles: Users must have the appropriate permissions and roles assigned to perform certain actions through the API.
3. Data Validation: The API enforces data validation rules. Any attempt to send invalid data (e.g., incorrect data types or missing required fields) will result in errors.
4. Complex Transactions: Some complex business processes may require multiple API calls or are not fully exposed via the API, necessitating alternative methods or manual intervention. - API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- We offer customizations to develop new functionalities and features based on the business requirements document shared with us by the client. The assessments for implementations are provided after detailed requirements are received and accepted. Such customizations are chargeable hourly at agreed rates as mentioned in the contract.
Scaling
- Independence of resources
-
1. Resource Isolation: Separating physical servers or employ virtualization technologies to isolate resources at the hardware or virtual machine level.
2. Load Balancing: Distributing incoming service requests evenly across multiple servers, preventing any single server from becoming a bottleneck.
3. Prioritization of Resources: Assign priority levels to different types of traffic and manage bandwidth allocation accordingly to ensure critical applications always have the necessary resources.
4. Rate Limiting: Implement rate limiting to control the amount of resources a single user or operation can consume, thus preventing overuse.
5. Performance Monitoring and Management
6. Redundancy and Failover Systems
7. Clear SLAs
Analytics
- Service usage metrics
- Yes
- Metrics types
- Service usage metrics for CitizenID include user enrollment and authentication rates, biometric enrollment completion, transaction volume, system availability, error rates, and user satisfaction scores. Additionally, tracking average transaction processing time, biometric match accuracy, and system response time is essential. Metrics also encompass enrollment center throughput, document verification rates, security incidents, and system downtime. Analyzing user demographics, usage patterns, and accessibility metrics provides valuable insights. Integration metrics gauge interoperability, while cost-effectiveness assesses implementation and operational expenses versus benefits.
- Reporting types
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
1. Understanding the Data Requirements
2. Preparing for Export
3. Choosing the Export Method
4. Performing the Export
5. Post-Export Processing - Data export formats
-
- CSV
- Other
- Other data export formats
- MS Excel
- Data import formats
-
- CSV
- Other
- Other data import formats
- MS Excel
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
SLA of 99.9% is based on those AWS currently provides for the underpinning services. Due to the rapidly evolving nature of AWS’s product offerings, SLAs are best reviewed directly on our website via the links below:
• Amazon EC2 SLA: http://aws.amazon.com/ec2-sla/
• Amazon S3 SLA: http://aws.amazon.com/s3-sla
• Amazon CloudFront SLA: http://aws.amazon.com/cloudfront/sla/
• Amazon Route 53 SLA: http://aws.amazon.com/route53/sla/ • Amazon RDS SLA: http://aws.amazon.com/rds-sla/ • AWS Shield Advanced SLA: https://aws.amazon.com/shield/sla/ Well-architected solutions on AWS that leverage AWS Service SLA’s and unique AWS capabilities such as multiple Availability Zones, can ease the burden of achieving specific SLA requirements. - Approach to resilience
- At least every 6 months
- Outage reporting
- Email alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
The measures implemented to manage and restrict access can be divided into six sub-categories:
1) Physical Access Control
2) Logical Access Control 3) Access Administration
4) Authentication and Authorisation
5) Data Access Control
6) Data Transfer. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Indraprastha SystemCert Private Limited
- ISO/IEC 27001 accreditation date
- 06/05/2024
- What the ISO/IEC 27001 doesn’t cover
- The Registered Scope is as follows: Information Security Management systems applicable to tools & platforms for Healthcare, Animal Science, Citizen ID, Epigenetic, Information & Cyber Security, Net Zero, Climate Change Adaptation, Mitigation, Agriculture, Forestry, Renewables, Carbon Credits, Nature, Biodiversity & Social Impact Credits, Energy, Oil & Gas, Performance Management, Delivery Units, Monitoring & Evaluation, Reporting & Learning from above location.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
We follow the following processes:
1. Policy Development: Clearly defined objectives for information security, based on risk assessments and business requirements. Regularly review and update these policies to adapt to new threats and changes in our business environments.
2. Human Resources Security: We conduct basic pre-employment checks and ongoing security and awareness training.
3. Access Control: Managed access rights based on the principle of least privilege, regularly reviewing and adjusting these rights as necessary.
4. Physical and Environmental Security: Maintaining secure physical access to information systems and protecting against environmental hazards.
5. Operations and Communications Security: Implemented measures to protect against malware, ensure secure network services, and manage secure data handling and transmissions.
6. Incident Management: Maintain an incident response plan, including mechanisms for reporting and analysing breaches.
Our Information Security Officer or Manager oversee the ISMS and report directly to top management. A dedicated security team or committee supports ongoing compliance and reporting.
We conduct regular internal and external audits to ensure adherence to policies. Regular reviews with top management assess the effectiveness of the ISMS. Violations of policies are met with clear, predefined consequences, enhancing compliance and accountability.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Conforms to ISO20000-1 & ISO27001
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Conforms to ISO27001
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Conforms to ISO27001
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Conforms to ISO20000-1 & ISO27001
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Tackling economic inequality
1. Financial Inclusion: Use CitizenID to facilitate access to banking services and financial literacy programs, empowering marginalized communities to participate in the formal economy.
2. Direct Benefits Transfer (DBT): Implement DBT schemes linked to CitizenID to ensure targeted delivery of subsidies, welfare benefits, and financial assistance to those in need.
3. Skill Development: Utilize CitizenID data for targeted skill development programs, enabling individuals to acquire relevant skills for employment and entrepreneurship opportunities.
4. Job Matching: Leverage CitizenID to match job seekers with suitable employment opportunities based on their skills, qualifications, and preferences, reducing unemployment and underemployment.
5. Access to Government Services: Streamline access to government services such as healthcare, education, and social welfare through CitizenID, ensuring equitable distribution and utilization of public resources.
6. Asset Management: Use CitizenID to promote asset ownership among marginalized communities, such as land tenure rights and property ownership, fostering wealth creation and economic stability.
7. Monitoring and Evaluation: Continuously monitor and evaluate the impact of CitizenID initiatives on economic inequality, adjusting policies and interventions based on data-driven insights.
Public-Private Partnerships: Collaborate with private sector entities to leverage CitizenID for inclusive economic growth initiatives, such as microfinance, small business support, and supply chain integration for marginalized producers.Equal opportunity
1. Universal Access: Ensure all citizens have access to CitizenID enrollment centers, regardless of location or socio-economic status, to prevent exclusion.
2. Education and Awareness: Conduct campaigns to educate citizens about the importance of CitizenID and how it can provide equal access to opportunities, including workshops and community outreach programs.
3. Affordable Enrollment: Offer subsidized or free enrollment for disadvantaged groups to remove financial barriers to obtaining CitizenID.
4. Digital Inclusion: Ensure CitizenID services are accessible through multiple channels, including online platforms and mobile applications, to accommodate citizens with varying levels of digital literacy.
5. Non-Discrimination: Implement strict policies and regulations to prevent discrimination based on race, gender, religion, or any other characteristic during CitizenID enrollment and usage.
6. Access to Government Services: Ensure that CitizenID enables equal access to government services, including healthcare, education, and social welfare, without discrimination or bias.
7. Monitoring and Accountability: Regularly monitor CitizenID usage and outcomes to identify and address any disparities or barriers to equal opportunity, and hold accountable those responsible for ensuring equitable access.Wellbeing
1. Access to Healthcare: CitizenID can streamline access to healthcare services, including medical records management, appointment scheduling, and telemedicine, ensuring timely and quality healthcare for all citizens.
2. Social Welfare Programs: Use CitizenID to efficiently deliver social welfare programs such as food assistance, housing support, and unemployment benefits, targeting those in need and reducing administrative burden.
3. Environmental Wellbeing: Promote environmental sustainability and wellbeing through CitizenID initiatives, such as carbon footprint tracking, environmental education, and community conservation efforts.
4. Safety and Security: Enhance safety and security for citizens through CitizenID-enabled emergency response systems, crime reporting platforms, and neighbourhood watch programs.
Pricing
- Price
- £24,985 to £84,985 a unit
- Discount for educational organisations
- Yes
- Free trial available
- No