Assurance Review Board Charter


Assurance Review Board (ARB) – Charter

(Approved by Kantara Board of Directors on July 10, 2019)

1. Scope

The Assurance Review Board (ARB) is the operational authoritative body of the Kantara Trust Framework Operations Program (TFOP). It has delegated authority from the Kantara Initiative Board of Directors (KIBoD) to:

a) Review applications and reports; and

b) Make recommendations to the KIBoD for ratification of Grant of Rights of Use of the Kantara Initiative Trust Mark.

The ARB is chartered to:

a) Provide oversight of the TFOP¹; and

b) Review applications using the appropriate Kantara Identity Assurance Framework (IAF) review guidelines.

¹ There are two documents describing the TFOP and its operation. These are: a) IAF-1350 (Assessor Accreditation Handbook) and b) IAF-1340 (Service Approval Handbook), which are available at ID Assurance Controlling Documents.

2. Membership

Voting Members of the ARB must have at least Participant status in the Kantara Initiative and be appointed by the KIBoD. Membership should consist of representation of the following communities:

a) Credential Service Providers (CSPs);

b) Relying Parties (RPs);

c) Auditors;

d) Federation Operators;

e) Interested Parties;

f) Technical Contributors; and

g) Non-voting Subject Matter Experts.

3. Duties of the ARB

The ARB is responsible for assessing applications, renewals, terminations, and appeals with regard to Grants of Rights of Use of the Kantara Initiative Trust Mark. The ARB is also responsible for monitoring ongoing approval and accreditation activities as well as the overall approval program.

3.1 Assessing Applications:

a) In accordance with the IAF, create and execute review plans relevant to applications and reports for Assessor Accreditation, Service Approval, and Technical Profile Interoperability. Only reports that are prepared by Kantara Initiative Accredited Assessors shall be considered to be acceptable.

b) Deliver recommendations for Trust Mark Grants of Rights of Use to the KIBoD (to: grant unconditionally; grant conditionally, meaning the application will be reviewed in no less than 6 months; or reject, with justification); and

c) In the case of an appeal against the rejection or qualification of an application, for recommendations originating with the ARB², serve with three additional ad-hoc members, within two weeks of the appeal being filed, to review the recommendation and make a final determination.

² For appeals submitted by a Service Provider, refer to the Service Approval Handbook – KIAF 1340, Section 5.1.5. For appeals submitted by Assessors, refer to the Assessor Accreditation Handbook – KIAF 1350, Section 5.2.5.

3.2 Providing Program Guidance and Oversight:

a) Conduct annual reviews of grants awarded, working from a report generated by the applicant and submitted by the Secretariat. Any change in approval status shall be ratified by the KIBoD.

b) Work to resolve any complaints or concerns submitted about Grantees in order to maintain integrity of the program.

3.3 Maintaining Confidentiality and Impartiality:

a) Maintain strict confidentiality throughout the life-cycle of the assessment process;

b) Be subject to any NDA procedures as required by the KIBoD; and

c) Disclose any conflict of interest and self-recuse from voting.

4. Recusal from ARB Reviews

4.1. Calling for recusals

Once an application is ready to be evaluated by the ARB, the Secretariat shall call for recusals.

4.2. Reasons for recusal

Members shall recuse themselves for any of the following reasons:

a) Financial conflict;

b) Direct or indirect gain (of all sorts) arising from access to confidential information and/or creation of ARB recommendations;

c) Family/personal relationships and bias;

d) Contractual or affiliation relationships;

e) ARB members seeking employment or post-employment activities in Interested Parties;

f) Acts of God or Force Majeure; or

g) Any other circumstances, as they might identify.

Any member of the ARB may identify a conflict they perceive another member to have and may request the recusal of that member.

Those ARB members not recused shall form the Review Team.

In the event that the ARB’s Chairperson is recused, the remaining Review Team members shall choose one of their number to act as Chairperson for the duration of the review.

5. Criteria for Success

The ARB shall be deemed to be effective in its operations when each of the following goals is consistently achieved:

a) Credible assessment of applications, renewals and appeals;

b) Marketplace recognition of the value of the Kantara Initiative Trust Mark;

c) Marketplace demand for assessments bearing the Kantara Initiative Trust Mark;

d) Professional and reasonable resolution of assessment issues, in compliance with timeframes outlined in the IAF; and

e) Confidentiality maintained throughout the process.

6. Duration

The ARB exists at the discretion of the KIBoD. In the event that a member of the ARB needs to resign their seat, they shall seek to submit their resignation 30 days prior to the need to cease performing responsibilities.

7. Resource Requirements

The ARB requires the following support from the Kantara Initiative:

a) Access to the KIBoD for its receipt of approval and accreditation recommendations and their timely processing;

b) Secure, restricted and segregated access storage of program materials;

c) Teleconference bridge; and

d) Program Management Office to fulfill the role of the Secretariat.

ARB members shall:

a) Cover their own costs incurred as a result of participation; and

b) Attend and monitor any on-site review visits as required to confirm conformance as declared in applications.

8. Coordination and Dependencies

The ARB operates under the following policy documents:

a) Service Approval Handbook (KIAF – 1340),

b) Assessor Accreditation Handbook (KIAF – 1350), and

c) Required Assessor Knowledge and Skills (KIAF – 1610).

However, for the Service Assessment Criteria applicable to Kantara's various Classes of Approval, the ARB shall follow the guidance of the latest published IAF and its associated documents, which are maintained by the Identity Assurance Work Group (IAWG). The ARB will interpret and apply the IAF processes and guidance to the best of its collective understanding, knowledge and experience. In the event that clarification is required, the ARB shall refer to the IAWG to request clarification of interpretation or omission, and shall consider the IAWG’s response.

The ARB will coordinate with the IAWG by inviting the IAWG Chairperson to attend ARB meetings as a non-voting participant.

The ARB has an explicit dependency on the full documentation set of the IAF, and may express to the KIBoD a dependency on such other critical documentation as may be identified.

9. Communications and Meetings

Members will communicate through the ARB mailing lists and regular conference calls. Face-to-face meetings may take place in conjunction with regularly scheduled Kantara Initiative meetings.

10. Voting Requirements

The following voting rules shall apply to decisions of the ARB:

a) Recommendations for accreditation, approval, etc., shall require a Super Majority of all non-recused voting members; and

b) For other types of decisions, the group shall use Simple Majority quorum rules.