Service Assessment Criteria Development Process
The process of developing Service Assessment Criteria (SAC) is, as with everything that is done at Kantara, done transparently with the wider ecosystem we serve. The following six stage process, based on the Publication Approval Stages identified in the Kantara Initiative Operating Procedures, is used to create SAC.
Stage 1 – Initial Drafting
The IAWG engages the services (either paid or pro bono) of a subject matter expert (SME) as editor to prepare a Preliminary Initial Draft of Service Assessment Criteria (SAC). Kantara, wherever feasible, uses a SME who is intimately familiar with both Kantara operations and its Trust Framework in order to provide:
• the quickest production timespan, and
• a high degree of consistency with all other aspects of the IAF’s SACs, Classes of Approval, established practices etc.
The SME extracts normative clauses from published source documents of the Scheme that specify requirements and re-expresses the normative clauses in a Kantara template that ensures that it is consistent with other existing SAC.
If the SME functions as a Kantara-Approved Assessor, Kantara Initiative recognizes that there could be a perception of bias in the drafting process. Kantara believes that the remaining stages of the approval process removes any potential bias that might have been introduced during the development of the Preliminary Initial Draft.
Stage 2 – Specialist Review
Upon completion of the Preliminary Initial Draft of the SAC, the Chair of IAWG works with the Kantara Initiative Director of Assurance Operations to call for volunteers to form an IAWG Sub-Group (SG) to review the Preliminary Initial Draft and develop an Initial Draft of the SAC. As participation in the IAWG is open to both Members and non-members of Kantara, there is no restriction to participation in the SG. The Kantara Initiative Director of Assurance Operations works to have representation within the SG from all interested sectors: Kantara’s approved Credential Service Providers (CSPs), accredited Assessors and other community participants such as Relying Parties (RP), Legislators, and the owners of the Scheme reference documents. However, because participation cannot be forced and is entirely voluntary, the membership of the SG represents the interests of those who decide to participate. During its work the SG rigorously reviews each draft criterion to ensure that it meets the following requirements:
• It faithfully captures the source reference’s intended goal,
• It is clearly stated,
• It is consistent with other related clauses/criteria,
• It is expressed in a way which can be understood by implementers,
• There is no bias in the wording which could favour any specific individual or group (e.g., an Assessor, a CSP, …), and
• It does not present unjustified additional obligation upon implementers (essentially CSPs, but possibly also Assessors, RPs and other specific parties identified by the source reference).
The review is designed to ensure that each criterion will arrive at the same result when used by different Assessors to assess the same service. As the SG performs its work it keeps records of any changes made to the Preliminary Initial Draft of the SAC.
Stage 3 – IAWG Review
Upon completion of the Initial Draft of the SAC by the SG, the Chair of IAWG presents it to the IAWG for review and approval. The IAWG review provides a second level of independent review to ensure that the requirements stated above are met. Formal disposition practices are employed in processing this review, which may include a number of iterations as comments are analysed, disposed and revised criteria produced. In addition, since it will be responsible for reviewing future applications which will have been assessed against the new SAC, the Assurance Review Board is invited to review and comment on it. As a final step, the IAWG formally votes, during a quorate meeting, to approve the draft as a Group-Approved Draft SAC Recommendation.
Stage 4 – Public Review and IPR Review
The Group-Approved Draft SAC Recommendation is submitted for Public Review and IPR Review to allow members of the community and wider ecosystem to conduct internal legal and technical reviews. After a minimum 45-day review, any comments received are considered and a disposition prepared, and the Group-Approved Draft SAC Recommendation is updated as necessary to become a Group-Approved SAC Recommendation.
Stage 5 – Leadership Council Approval
The Group-Approved SAC Recommendation is submitted to Kantara Leadership Council for review and approval as a Kantara Initiative Candidate SAC Recommendation.
Stage 6 – All Member Approval
The Kantara Initiative Candidate SAC Recommendation undergoes an All Member Ballot for a minimum of fifteen days. Upon a successful ballot Kantara Initiative publishes it as a Kantara Initiative SAC Recommendation.