|ARB Notice regarding KIAF-1340 Service Approval Handbook, 2020-03-30
In light of the present SARS-COV2/COVID-19 virus pandemic the ARB has reviewed the Service Approval Handbook §6.1.3, §8.1.3 and §9.1.3 (which state requirements under which Assessors SHALL include site visits in their assessment program) and determined that, until this notice is rescinded, any Kantara requirements that assessors visit CSPs’ premises or meet face-to-face with personnel are suspended.
High Level View of the Kantara Service Provider Approval Process
Credential Service Providers (CSPs) Full Service or Component Service approval process phases
The process shown below apply to the following applicants seeking to gain Kantara Service Approval: Credential Service Providers, Identity Proofing Service Component Providers, Credential Management Service Component Providers.
1) Design & Build The Identity Service, which includes policy practice and technologies. Might be in development, implementation or full operation. May or may not initially conform to the Kantara IAF requirements, specifically the Service Assessment Criteria.
3) Contact Kantara & Become a Kantara Member Join Kantara
4) Complete the implementation of the Identity Service in a way that meets the requirements of the Kantara IAF.
5) Apply for Approval – Initial Application
The Applicant shall submit an Initial Application Package, essentially to introduce themselves and their service to Kantara, defining the scope and nature of their service, and other essential information, including which Service Assessment Criteria (SAC) and specific criteria therein they believe are applicable to their service.
Fill out the below:
- Application form – Application for Service Approval (ASA)
- Outline Service Description – Specification of a Service Subject to Assessment (S3A)
- Provide a representative Statement of Conformity (SoC). Please refer to Classes of Approval to indicate which SAC is applicable.
- Accept the terms and conditions of the TMLA** – Kantara-Initiative-IAF-Trademark License Agreement
Submit the complete documentation to secretariat at kantarainitiative.org
(**) Send this document to your Contract Review Team as soon as possible.
6) Be Assessed & Address Findings. Assurance Review Board accepts the initial application and applicant selects and engages a Kantara Accredited Assessor.
Applicant completes a Detailed S3A to define the assessment scope.
Accredited Assessor conducts assessment relative to appropriate Service Assessment Criteria. Accredited Assessor produces a Kantara Assessor Report (KAR). Applicant works with the Assessor to address non-conforming service areas
7) Applicant submits to the Secretariat the approval package, including, KAR, completed Statement of Conformity (SoC), detailed S3A and updated application.
8) Kantara Evaluation & Decision. Assurance Review Board (ARB) evaluates material, seeking clarification if needed. ARB makes a recommendation to the Kantara Board of Trustees to Approve License Grant, Approve License Grant with Conditions or Deny License Grant.
9) Kantara Board of Directors (BoD) ratification. BoD makes a decision based on the ARB recommendation.
10) Grant of License. If Approved, the Applicant enters the process to formalize the Grant of License to use the Kantara Initiative Identity Assurance Framework Trademark. A grant of Approval is valid for three years, with annual conformity reviews taking place in the two intervening years.
List of Kantara Approved CSPs and Accredited Assessors Kantara Trust Status List