TrustID Cloud - Identity Checking Service
TrustID Cloud checks and assesses identity documents (passports, visas, ID cards, driving licences) to assist with right to work, right to rent, DBS and KYC and AML compliance. Optional additional services include liveness, face matching, address verification and PEP screening to support GPG45, as well as RTW eligibility checking.
Features
- Identity Document checking
- Automated checks, backed up by a team of document experts
- Face matching and liveness checking options
- Address verification and PEP and Sanction screening options
- Right to Work eligibility checking
- Checking under DBS/RTW/RTR Digital Schemes (certification required)
- Use GuestLinks for candidate self-service
- Unlimited user accounts
- Access via web or API
- Pay per check
Benefits
- Check that identity documents are genuine
- Enables customer due diligence and prevents fraud
- Aids right to work and right to rent compliance
- Document helpdesk available to manually review suspicious identity documents
- Payment structure suitable for businesses of all sizes
- API allows integration into existing systems at no extra cost
- Maximum 1 hour response time, 8am to midnight, 7 days/week
- Manage your own users (unlimited user accounts)
- Managers can view results centrally and report on activity
- GuestLinks facilitates the new digital DBS, RTW and RTR schemes
Pricing
£1.50 a unit
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
6 0 8 6 1 0 7 0 0 9 3 7 7 9 9
Contact
TrustID
Sales Team
Telephone: 01184660822
Email: enquiries@trustid.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
-
Customers may submit documents for checking at any time.
Documents which require manual review will be returned within 1 hour between 8am and midnight, 7 days a week, including public holidays.
Checks under the Digital DBS, RTW and RTR schemes must be performed using a smartphone with a camera and may require NFC reading capability. - System requirements
- WiFi or 3G/4G/5G
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Document Helpdesk support SLA is 1 hour (8am-midnight), 7 days a week.
Technical support SLA is 2 hours during weekday business hours. Technical support is not provided at weekends. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
-
Web chat is accessible directly from the TrustID website. Webchat relies on text rather than sounds, images or colours. The text may be increased or decreased using zoom controls.
Webchat supports English language only. - Web chat accessibility testing
- None specifically.
- Onsite support
- Yes, at extra cost
- Support levels
-
Support is provided for:
Identity document queries.
Right to Work eligibility queries.
User account set up and password resets.
Service error reporting and suggestions.
Integration support (via API)
There are no additional costs for support. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
No training required as the workflow is simple and includes wizards to guide users through the process.
Initially, we set up management user accounts (email address and name required) and send login details to the management users, along with a short get-started guide. Management users are then able to create and manage user accounts for their own users. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Users can download and extract their data at any point while it remains in our system. Data from submitted documents is automatically deleted 7 days after submission by default. Users can manually delete this at any point before the automatic deletion date.
- End-of-contract process
-
Checks are sold on a per-document basis rather than a contract length basis. Users can no longer use the service to perform checks once all credits have been used. Additional credits can be purchased at any time.
Each document checked uses up a single credit, whether accepted, failed or rejected .
Included in the service is the checking of the agreed quantity of documents and images to the agreed standard. The service also includes access to our Document Analyst team, which is available to provide support for individual document checks or general Right to Work eligibility questions.
Account holders can have unlimited user accounts and unlimited apps deployed across their organisation.
Access to the API is included at no extra cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
The service can be accessed on both desktop and mobile devices from a web browser, with no difference in functionality.
The website has been optimised for mobile. - Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
-
The TrustID Cloud website is the service interface. All functions can be performed from the website:
Identity document submission
GuestLink creation
Review results
Manage Users
Run reports - Accessibility standards
- None or don’t know
- Description of accessibility
- The website relies on text rather than sounds, images or colours. The text may be increased or decreased using zoom controls. Website supports English language only.
- Accessibility testing
- None specifically.
- API
- Yes
- What users can and can't do using the API
-
The API provides flexibility to integrate TrustID into other systems both to submit images and data, and to retrieve results of checks. There are a variety of routes available to achieve this, allowing you to implement the most appropriate flow for your desired journey. For example, our customers can collect images of their applicants' documents themselves before releasing them to TrustID for checking. Alternatively they can use the API to create a GuestLink for data subjects to then submit their own data directly to TrustID.
Once documents have been checked, TrustID uses webhooks and callbacks to let you know that the documents have been checked, and enable you to retrieve documents, images, data and results for importing into your own platform.
TrustID consultants can advise on the most appropriate method of integration and assist with the implementation and testing prior to going live. - API documentation
- Yes
- API documentation formats
-
- HTML
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The TrustID GuestLink may be customised in a variety of ways (requires TrustID to implement this for you):
1. Change default message in GuestLink email
2. Customise GuestLink email logo
3. Customise document selection wizard to ensure you're capturing the documents your organisation needs
Scaling
- Independence of resources
- Alerts are set for when loads reach a set threashold. We have the ability to add additional processing capacity and manpower at short notice to manage increased demand.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
SPOC user can receive a monthly report via email. Report contains a breakdown of number of documents submitted by user in the past month and all time, as well as remaining credits.
A reporting tool is available on website to allow users with appropriate permissions to filter and run reports and export as CSV.
The remaining credits are also displayed on the web client at all times. - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Users receive results of their check directly on the web client or mobile app. The results can be downloaded as PDF to either platform.
Data can also be extracted using the API. - Data export formats
-
- CSV
- Other
- Other data export formats
-
- CSV - used to export metadata
- Data import formats
- Other
- Other data import formats
-
- JPEG
- PNG
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
The service is available for document submission at any time.
We have a 1 hour SLA (8am-midnight, 7 days a week) for providing a response to submissions.
The service level is not guaranteed but systems and processes are in place to minimise the possibility of service levels not being met, including near time replication to an external data centre and a flexible workforce to deal with peaks and increases in demand. - Approach to resilience
- In addition to daily backups, the service is constantly replicated to another datacentre. Data is immediately backed up. In the event of a disaster, the machine in the mirror datacentre would come online and take over.
- Outage reporting
- Planned outages are reported via email to account holders.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Management interfaces are only accessible via a specific TrustID controlled user-interface. Access is restricted to TrustID personnel and protected by usernames/passwords and permission levels.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Username or password
- Other
- Description of management access authentication
- Access only via specific TrustID-software.
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 14/03/2022
- What the ISO/IEC 27001 doesn’t cover
-
The Information Security Management System has been assessed and certified as meeting the requirements of ISO 27001:2013 for the following activities:
Solutions to validate identity, based on bespoke software and scanning technology - preventing fraud and providing organisations with confidence that they are complying with legislative and regulatory requirements - and the protection of the associated customer and corporate information from our head office in Reading to UK and International clients. This is in accordance with the Statement of Applicability Issue 1.4 dated November 2021. - ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
TrustID defines information security as the protection of the confidentiality, integrity and availability of information in order to ensure business continuity, minimise business risk and maximise return on investment and business opportunities.
An Information Security Manager is appointed, reporting to an Executive management team. Their responsibilities include:
• Ownership and management of the ISMS, including the information security objectives and their achievement
• Advising senior management of any additional resource requirements needed in support of the ISMS delivery
• Information security awareness and training of TrustID staff
• Maintaining links with external advisory groups and authorities e.g. law enforcement agencies, Information Commissioner’s Office.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Configuration and change requirements are managed using a shared tracking tool which records the change, the impact, resolution and steps taken, before being signed off by the relevant department manager.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Independent penetration testing is performed every 6 months.
Software code is checked using a static analyser tool to identify security vulnerabilities.
Any threats identified are assessed and classed as high, medium and low risk. High risk threats are fixed as soon as possible. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
TrustID deploys event log analysis software across its different systems to identify potential incidents.
Incidents are assessed and appropriate actions are assigned to advise affected parties and remedy the situation,
Incidents are responded to as soon as they are identified. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Users report incidents to the Information Security Manager via a tracking portal. The Information Security Manager determines the actions required to deal with the action request or assigns the ticket to the appropriate Owner, who sets a target date for completion.
The aim is to analyse the root cause of the problems reported, with a view to preventing recurrence.
Action owners report completion to the Information Security Manager by changing the state to ‘Finished’, before the Information Security Manager verifies that the actions have addressed the issue.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
TrustID encourages the use of public transport and carpooling where appropriate in order to contribute the reduction of the number of vehicles on the road. - Covid-19 recovery
-
Covid-19 recovery
TrustID has developed its GuestLink service as a way to enable businesses to meet their regulatory Right to Work checking requirements under the Covid-19 exemption in a secure manner.
TrustID navigated Covid-19 without having to make use of the furlough scheme or reduce staff numbers. - Equal opportunity
-
Equal opportunity
TrustID is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We are proud to have a diverse team with a wide range of experiences and backgrounds. We prohibit discrimination and harassment of any kind based on (but not limited to) race, colour, sex, religion, sexual orientation, nationality or disability.
Our approach applies to all our employment practices, including recruiting, promotion and termination. Hiring decisions are based solely on qualifications, merit, and the needs of the business.
Pricing
- Price
- £1.50 a unit
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- A free trial may be offered after an initial discussion, depending on requirements. A typical trial is for 10 units (known as credits), valid for 2 weeks.