TrustID Cloud - Identity Checking Service

TrustID Cloud checks and assesses identity documents (passports, visas, ID cards, driving licences) to assist with right to work, right to rent, DBS and KYC and AML compliance. Optional additional services include liveness, face matching, address verification and PEP screening to support GPG45, as well as RTW eligibility checking.


  • Identity Document checking
  • Automated checks, backed up by a team of document experts
  • Face matching and liveness checking options
  • Address verification and PEP and Sanction screening options
  • Right to Work eligibility checking
  • Checking under DBS/RTW/RTR Digital Schemes (certification required)
  • Use GuestLinks for candidate self-service
  • Unlimited user accounts
  • Access via web or API
  • Pay per check


  • Check that identity documents are genuine
  • Enables customer due diligence and prevents fraud
  • Aids right to work and right to rent compliance
  • Document helpdesk available to manually review suspicious identity documents
  • Payment structure suitable for businesses of all sizes
  • API allows integration into existing systems at no extra cost
  • Maximum 1 hour response time, 8am to midnight, 7 days/week
  • Manage your own users (unlimited user accounts)
  • Managers can view results centrally and report on activity
  • GuestLinks facilitates the new digital DBS, RTW and RTR schemes


£1.50 a unit

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

6 0 8 6 1 0 7 0 0 9 3 7 7 9 9


TrustID Sales Team
Telephone: 01184660822

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Customers may submit documents for checking at any time.

Documents which require manual review will be returned within 1 hour between 8am and midnight, 7 days a week, including public holidays.

Checks under the Digital DBS, RTW and RTR schemes must be performed using a smartphone with a camera and may require NFC reading capability.
System requirements
WiFi or 3G/4G/5G

User support

Email or online ticketing support
Email or online ticketing
Support response times
Document Helpdesk support SLA is 1 hour (8am-midnight), 7 days a week.

Technical support SLA is 2 hours during weekday business hours. Technical support is not provided at weekends.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat is accessible directly from the TrustID website. Webchat relies on text rather than sounds, images or colours. The text may be increased or decreased using zoom controls.
Webchat supports English language only.
Web chat accessibility testing
None specifically.
Onsite support
Yes, at extra cost
Support levels
Support is provided for:
Identity document queries.
Right to Work eligibility queries.
User account set up and password resets.
Service error reporting and suggestions.
Integration support (via API)

There are no additional costs for support.
Support available to third parties

Onboarding and offboarding

Getting started
No training required as the workflow is simple and includes wizards to guide users through the process.

Initially, we set up management user accounts (email address and name required) and send login details to the management users, along with a short get-started guide. Management users are then able to create and manage user accounts for their own users.
Service documentation
Documentation formats
End-of-contract data extraction
Users can download and extract their data at any point while it remains in our system. Data from submitted documents is automatically deleted 7 days after submission by default. Users can manually delete this at any point before the automatic deletion date.
End-of-contract process
Checks are sold on a per-document basis rather than a contract length basis. Users can no longer use the service to perform checks once all credits have been used. Additional credits can be purchased at any time.

Each document checked uses up a single credit, whether accepted, failed or rejected .

Included in the service is the checking of the agreed quantity of documents and images to the agreed standard. The service also includes access to our Document Analyst team, which is available to provide support for individual document checks or general Right to Work eligibility questions.
Account holders can have unlimited user accounts and unlimited apps deployed across their organisation.
Access to the API is included at no extra cost.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The service can be accessed on both desktop and mobile devices from a web browser, with no difference in functionality.

The website has been optimised for mobile.
Service interface
User support accessibility
None or don’t know
Description of service interface
The TrustID Cloud website is the service interface. All functions can be performed from the website:
Identity document submission
GuestLink creation
Review results
Manage Users
Run reports
Accessibility standards
None or don’t know
Description of accessibility
The website relies on text rather than sounds, images or colours. The text may be increased or decreased using zoom controls. Website supports English language only.
Accessibility testing
None specifically.
What users can and can't do using the API
The API provides flexibility to integrate TrustID into other systems both to submit images and data, and to retrieve results of checks. There are a variety of routes available to achieve this, allowing you to implement the most appropriate flow for your desired journey. For example, our customers can collect images of their applicants' documents themselves before releasing them to TrustID for checking. Alternatively they can use the API to create a GuestLink for data subjects to then submit their own data directly to TrustID.

Once documents have been checked, TrustID uses webhooks and callbacks to let you know that the documents have been checked, and enable you to retrieve documents, images, data and results for importing into your own platform.

TrustID consultants can advise on the most appropriate method of integration and assist with the implementation and testing prior to going live.
API documentation
API documentation formats
  • HTML
  • Other
API sandbox or test environment
Customisation available
Description of customisation
The TrustID GuestLink may be customised in a variety of ways (requires TrustID to implement this for you):
1. Change default message in GuestLink email
2. Customise GuestLink email logo
3. Customise document selection wizard to ensure you're capturing the documents your organisation needs


Independence of resources
Alerts are set for when loads reach a set threashold. We have the ability to add additional processing capacity and manpower at short notice to manage increased demand.


Service usage metrics
Metrics types
SPOC user can receive a monthly report via email. Report contains a breakdown of number of documents submitted by user in the past month and all time, as well as remaining credits.
A reporting tool is available on website to allow users with appropriate permissions to filter and run reports and export as CSV.
The remaining credits are also displayed on the web client at all times.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users receive results of their check directly on the web client or mobile app. The results can be downloaded as PDF to either platform.
Data can also be extracted using the API.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • CSV - used to export metadata
Data import formats
Other data import formats
  • PDF
  • JPEG
  • PNG

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The service is available for document submission at any time.
We have a 1 hour SLA (8am-midnight, 7 days a week) for providing a response to submissions.
The service level is not guaranteed but systems and processes are in place to minimise the possibility of service levels not being met, including near time replication to an external data centre and a flexible workforce to deal with peaks and increases in demand.
Approach to resilience
In addition to daily backups, the service is constantly replicated to another datacentre. Data is immediately backed up. In the event of a disaster, the machine in the mirror datacentre would come online and take over.
Outage reporting
Planned outages are reported via email to account holders.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Management interfaces are only accessible via a specific TrustID controlled user-interface. Access is restricted to TrustID personnel and protected by usernames/passwords and permission levels.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Username or password
  • Other
Description of management access authentication
Access only via specific TrustID-software.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The Information Security Management System has been assessed and certified as meeting the requirements of ISO 27001:2013 for the following activities:
Solutions to validate identity, based on bespoke software and scanning technology - preventing fraud and providing organisations with confidence that they are complying with legislative and regulatory requirements - and the protection of the associated customer and corporate information from our head office in Reading to UK and International clients. This is in accordance with the Statement of Applicability Issue 1.4 dated November 2021.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
TrustID defines information security as the protection of the confidentiality, integrity and availability of information in order to ensure business continuity, minimise business risk and maximise return on investment and business opportunities.

An Information Security Manager is appointed, reporting to an Executive management team. Their responsibilities include:
• Ownership and management of the ISMS, including the information security objectives and their achievement
• Advising senior management of any additional resource requirements needed in support of the ISMS delivery
• Information security awareness and training of TrustID staff
• Maintaining links with external advisory groups and authorities e.g. law enforcement agencies, Information Commissioner’s Office.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Configuration and change requirements are managed using a shared tracking tool which records the change, the impact, resolution and steps taken, before being signed off by the relevant department manager.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Independent penetration testing is performed every 6 months.
Software code is checked using a static analyser tool to identify security vulnerabilities.
Any threats identified are assessed and classed as high, medium and low risk. High risk threats are fixed as soon as possible.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
TrustID deploys event log analysis software across its different systems to identify potential incidents.

Incidents are assessed and appropriate actions are assigned to advise affected parties and remedy the situation,

Incidents are responded to as soon as they are identified.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Users report incidents to the Information Security Manager via a tracking portal. The Information Security Manager determines the actions required to deal with the action request or assigns the ticket to the appropriate Owner, who sets a target date for completion.
The aim is to analyse the root cause of the problems reported, with a view to preventing recurrence.
Action owners report completion to the Information Security Manager by changing the state to ‘Finished’, before the Information Security Manager verifies that the actions have addressed the issue.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

TrustID encourages the use of public transport and carpooling where appropriate in order to contribute the reduction of the number of vehicles on the road.
Covid-19 recovery

Covid-19 recovery

TrustID has developed its GuestLink service as a way to enable businesses to meet their regulatory Right to Work checking requirements under the Covid-19 exemption in a secure manner.

TrustID navigated Covid-19 without having to make use of the furlough scheme or reduce staff numbers.
Equal opportunity

Equal opportunity

TrustID is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We are proud to have a diverse team with a wide range of experiences and backgrounds. We prohibit discrimination and harassment of any kind based on (but not limited to) race, colour, sex, religion, sexual orientation, nationality or disability.

Our approach applies to all our employment practices, including recruiting, promotion and termination. Hiring decisions are based solely on qualifications, merit, and the needs of the business.


£1.50 a unit
Discount for educational organisations
Free trial available
Description of free trial
A free trial may be offered after an initial discussion, depending on requirements. A typical trial is for 10 units (known as credits), valid for 2 weeks.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.