Published by Ophelia Sarah Snow. Modified over 9 years ago.
TFTM 01-06 Interim Trust Mark/Listing Approach Paper
Accreditation, Certification, and Trust Mark Program
Key Administrative and Operational Responsibilities
Discussion Deck
TFTM Committee
February 5, 2014
2-05-2014 IDESG TFTM Committee
Key terms for this discussion

Trust Framework - Developed by a community whose members have similar goals and perspectives. It defines the rights and responsibilities of that community’s participants in the Identity Ecosystem; specifies the policies and standards specific to the community; and defines the community-specific processes and procedures that provide assurance. (Source: NSTIC)

Trust Framework Provider - An organization that defines or adopts a trust framework and then, certifies participants that are in compliance with the requirements of that framework. (Source: FICAM TFPAP, slightly modified for context)

Accreditation Body (AKA “Accreditation Authority”) - An organization that evaluates, approves and provides formal recognition that an entity is capable of carrying out certification assessment and validation activities for a specific trust framework.

Accreditation - The processes for the evaluation, approval and formal recognition that an entity is capable of carrying out certification assessment and validation activities for a specific trust framework. (Source: Kantara, slightly modified for context)
Key terms for this discussion

Certification - The processes of assessing, validating, and determining that a product or service provider meets the defined requirements of a specific trust framework. (Source: FICAM TFPAP, slightly modified for context)

Trustmark - A visual symbol and/or digital certificate that is used to indicate that a product or service provider has been certified to meet the requirements of a specific trust framework. (Source: NSTIC, slightly modified)

Trust List - A list of participants who have been determined to meet the requirements of a trust framework and are authorized to operate within that trust framework. Trust lists can be a simple visual representation or be integrated into the electronic interactions of a trust framework. (Source: Modified from NSTIC Trustmark definition)
Diagram labels: Accreditation Program; Certification Program; Service Provider; Accredit; Certify/Issue

Accreditation

Administrative Responsibilities:
- Document and maintain:
  - Policies and participation rules
  - Requirements
  - Application/Onboarding processes
  - Standard agreement for accredited entities
- Maintain public trust list/registry of accredited entities

Operational Responsibilities:
- Evaluate the capability of applicant entities for certification activities
- Perform policy mapping, as appropriate, for entity certification policies/requirements conformance/comparability to Accreditation Program requirements

Certification

Administrative Responsibilities:
- Document and maintain:
  - Requirements
  - Assessment Processes
  - Assessment Criteria
  - Application/onboarding processes
  - Standard agreement for certified entities
  - Formal recognition of certified services
- Maintain public trust list/registry of certified entities

Operational Responsibilities:
- Perform and document assessments
- Validate conformance to Certification Program requirements
- Provide formal recognition for approved/validated identity services
- Monitor continued conformance for certified entities

Trust Mark Issuance

Administrative Responsibilities:
- Document and maintain Trust Mark issuance and usage policies and participation rules
- Document and maintain Trust Mark (Usage) Agreement
- Document and maintain security and controls for Trustmark monitoring

Operational Responsibilities:
- Execute and maintain Trust Mark (Usage) Agreements for certified entities
- Monitor continued conformance to Trustmark usage requirements for certified entities
- Establish and maintain security and controls for issued trust marks
Accreditation Program Key Responsibilities

Key Administrative Responsibility: Document and maintain Accreditation Program policies and participation rules
Industry Examples: Kantara IAF, IAF 1300 Assurance Assessment Scheme, IAF 1600 Qualified Assessor Requirements; SysTrust/Webtrust Trust Services Principles, Criteria, and Illustrations; FICAM Trust Framework Provider Adoption Program (TFPAP), Certificate Policies for FBCA, EGCA, EGTS
Relevant Standards: ISO/IEC 17000 Conformity Assessment – Vocabulary and general principles; ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies

Key Administrative Responsibility: Document and maintain Accreditation Program requirements
Industry Examples: Kantara IAF 1600 Qualified Assessor Requirements; SysTrust/Webtrust Trust Services Principles, Criteria, and Illustrations; FICAM TFPAP, Criteria and Methodology for Cross-certification with the FBCA
Relevant Standards: ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies

Key Administrative Responsibility: Document and maintain Accreditation Program application and approval processes (initial, renewal)
Industry Examples: Kantara Accredited Assessor Application; FICAM Trust Framework Provider Assessment Package Application, Criteria and Methodology for Cross-certification with the FBCA
Relevant Standards: ISO/IEC 17011 Conformity assessment — General requirements

Key Administrative Responsibility: Maintain public trust list/registry of accredited entities
Industry Examples: Kantara; SysTrust/Webtrust; FICAM TFPAP, FBCA; SafeBiopharma; OIX
Relevant Standards: ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies
Accreditation Program Key Responsibilities

Key Operational Responsibility: Process and support applicant entities through accreditation process
Industry Examples: N/A
Relevant Standards: ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies accrediting conformity assessment bodies

Key Operational Responsibility: Evaluate the capability of applicant entities for certification activities
Industry Examples: N/A
Relevant Standards: ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies accrediting conformity assessment bodies

Key Operational Responsibility: Perform policy mapping, as appropriate, for entity certification policies/requirements conformance/comparability to Accreditation Program requirements
Industry Examples: FICAM Trust Framework Provider Adoption Program; FICAM FPKI Common Policy Framework CPS Evaluation Mapping Matrix
Relevant Standards: ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies accrediting conformity assessment bodies

Key Operational Responsibility: Maintain compliance requirements for accredited entities
Industry Examples: N/A
Relevant Standards: ISO/IEC 17011 Conformity assessment — General requirements for accreditation bodies accrediting conformity assessment bodies
Certification Program Key Responsibilities

Key Administrative Responsibility: Document and maintain Certification Program policy and requirements
Industry Examples: Kantara IAF, IAF 1300 Assurance Assessment Scheme, IAF 1400 Service Assessment Criteria; InCommon Identity Assurance Framework; SysTrust/Webtrust Trust Services Principles, Criteria, and Illustrations; FICAM TFPAP, Certificate Policies for FBCA, EGCA, EGTS
Relevant Standards: ISO/IEC 17000 Conformity Assessment – Vocabulary and general principles; ISO/IEC 17021 Conformity assessment — Requirements for bodies providing audit and certification of management systems

Key Administrative Responsibility: Document and maintain Assessment Processes and Criteria
Industry Examples: Kantara IAF, IAF 1400 Service Assessment Criteria; InCommon Identity Assurance Framework; SysTrust/Webtrust Trust Services Principles, Criteria, and Illustrations; Webtrust for Certification Authorities – Extended Validation Audit Criteria; FICAM TFPAP, Criteria and Methodology for Cross-certification with the FBCA, PIV-I Certification Process
Relevant Standards: ISO/IEC 17021 Conformity assessment — Requirements for bodies providing audit and certification of management systems

Key Administrative Responsibility: Document and maintain Certification Program application processes
Industry Examples: Application for Kantara Approval; FICAM Trust Framework Provider Assessment Package Application, Criteria and Methodology for Cross-certification with the FBCA
Relevant Standards: ISO/IEC 17021 Conformity assessment — Requirements for bodies providing audit and certification of management systems

Key Administrative Responsibility: Document and maintain standard agreement for certified entities
Industry Examples: InCommon Participation Agreement (Identity Assurance Addendum); Kantara Initiative IAF Trademark License Agreement; FICAM MOU/MOA
Relevant Standards: ISO/IEC 17021 Conformity assessment — Requirements for bodies providing audit and certification of management systems
Certification Program Key Responsibilities

Key Operational Responsibility: Establish, train, and maintain Certification Program Assessment Team
Industry Examples: Kantara Assurance Review Board; WebTrust Licensed Practitioners; FICAM Trust Framework Evaluation Team, CPWG
Relevant Standards: ISO/IEC 17021 Conformity assessment — Requirements for bodies providing audit and certification of management systems

Key Operational Responsibility: Perform and document assessments
Industry Examples: N/A
Relevant Standards: ISO/IEC 17021 Conformity assessment — Requirements for bodies providing audit and certification of management systems

Key Operational Responsibility: Validate conformance to Certification Program requirements
Industry Examples: N/A
Relevant Standards: ISO/IEC 17021 Conformity assessment — Requirements for bodies providing audit and certification of management systems

Key Operational Responsibility: Provide formal recognition/certification for approved/validated identity services
Industry Examples: N/A
Relevant Standards: ISO/IEC 17021 Conformity assessment — Requirements for bodies providing audit and certification of management systems

Key Operational Responsibility: Maintain public trust list/registry of accredited entities
Industry Examples: Kantara; FICAM TFPAP, FBCA, SSP, PIV-I; SafeBiopharma; OIX; WebTrust Licensed Practitioners
Relevant Standards: ISO/IEC 17021 Conformity assessment — Requirements for bodies providing audit and certification of management systems

Key Operational Responsibility: Maintain, as appropriate, continued conformance for certified entities
Industry Examples: N/A
Relevant Standards: ISO/IEC 17021 Conformity assessment — Requirements for bodies providing audit and certification of management systems
Trust Mark Program Key Responsibilities

Key Administrative/Operational Responsibility: Document and maintain Trust Mark issuance and usage policies and participation rules
Industry Examples: Kantara Assurance; WebTrust/SysTrust; InCommon Assurance
Relevant Standards: US and International Trademark Law

Key Administrative/Operational Responsibility: Document and maintain Trust Mark License (Usage) Agreement
Industry Examples: Kantara/IEEE-ISTO TMLA; WebTrust Practitioners License
Relevant Standards: US and International Trademark Law

Key Administrative/Operational Responsibility: Establish and maintain security and controls for Trust Mark issuance and use
Industry Examples: Kantara/IEEE-ISTO TMLA; WebTrust AICPA/CICA Registry
Relevant Standards: US and International Trademark Law

Key Administrative/Operational Responsibility: Monitor/maintain trust mark integrity and conformance
Industry Examples: N/A
Relevant Standards: US and International Trademark Law
Accreditation, Certification and Trust Mark Flow

Diagram labels: Accreditation Body (ISO/IEC 17011); Certification (Trust Framework or Trust Mark) Providers; Conformity Assessment Body (ISO/IEC 17011); Approved Service Provider (CSP); Approved Service Provider (IDP); Approved Service Provider (AA); Trust mark; IDESG (?)

Diagram annotations:
- Evaluate, approve and formally recognize entities that are capable of carrying out certification activities for a defined set of requirements (e.g., trust framework).
- Assess, validate, and determine that products or service providers meet the defined requirements of a specific trust framework.
- Service Providers apply for and are validated to meet defined Trust Framework requirements.