Service Provider Approval

ARB Notice regarding KIAF-1340 Service Approval Handbook, 2020-03-30

In light of the present SARS-COV2/COVID-19 virus pandemic the ARB has reviewed the Service Approval Handbook §6.1.3, §8.1.3 and §9.1.3 (which state requirements under which Assessors SHALL include  site  visits  in  their  assessment  program)  and  determined  that, until  this  notice  is  rescinded, any Kantara requirements that assessors visit CSPs’ premises or meet face-to-face with personnel are suspended.
While it understands that assessments already utilize a high degree of efficient use of on-line conferencing applications the ARB hereby requests that, in lieu of these above-cited requirements, assessors and CSPs use their best endeavours, given their respective business operation restrictions, to formulate a plan for a virtual inspection to the fullest extent practical, including remote video, of CSP premises.
Assessors SHALL, in their KARs, describe the steps that have been taken to substitute for actual on-site visits and describe any limitations which have been imposed.

High Level View of the Kantara Service Provider Approval Process

 

Credential Service Providers (CSPs) Full Service or Component Service approval process phases

The process shown below apply to the following applicants seeking to gain Kantara Service Approval: Credential Service Providers, Identity Proofing Service Component Providers, Credential Management Service Component Providers. 

1) Design & Build The Identity Service, which includes policy practice and technologies. Might be in development, implementation or full operation. May or may not initially conform to the Kantara IAF requirements, specifically the Service Assessment Criteria

2) Read Kantara Classes of Approval and Service Approval Handbook

3) Contact Kantara & Become a Kantara Member  Join Kantara

4) Complete the implementation of the Identity Service in a way that meets the requirements of the Kantara IAF.

5) Apply for Approval – Initial Application 

The Applicant shall submit an Initial Application Package, essentially to introduce themselves and their service to Kantara, defining the scope and nature of their service, and other essential information, including which Service Assessment Criteria (SAC) and specific criteria therein they believe are applicable to their service.

Fill out the below:

Submit the complete documentation to secretariat at kantarainitiative.org

(**) Send this document to your Contract Review Team as soon as possible.

6) Be Assessed & Address Findings. Assurance Review Board accepts the initial application and applicant selects and engages a Kantara Accredited Assessor.

Applicant completes a Detailed S3A to define the assessment scope.

Accredited Assessor conducts assessment relative to appropriate Service Assessment Criteria. Accredited Assessor produces a Kantara Assessor Report (KAR). Applicant works with the Assessor to address non-conforming service areas

7) Applicant submits to the Secretariat the full approval package, including, KAR, completed Statement of Conformity (SoC), detailed S3A and updated application.

8) Kantara Evaluation & Decision. Assurance Review Board (ARB) evaluates material, seeking clarification if needed. ARB makes a recommendation to the Kantara Board of Trustees to Approve License Grant, Approve License Grant with Conditions or Deny License Grant.

9) Kantara Board of Directors (BoD) ratification. BoD makes a decision based on the ARB recommendation.

10) Grant of License. If Approved, the Applicant enters the process to formalize the Grant of License to use the Kantara Initiative Identity Assurance Framework Trademark. A grant of Approval is valid for three years, with annual conformity reviews taking place in the two intervening years.

 

See: Kantara Identity Assurance Framework Controlling Documents 

List of Kantara Approved CSPs and Accredited Assessors  Kantara Trust Status List