Sep 19, 2024

Ask Sumsubers: What are the most important certifications and attestations for a verification provider?

Sumsub keeps getting questions from our followers about the specifics of regulatory compliance, verification, automated solutions, and everything in between. We’ve therefore decided to launch a bi-weekly Q&A series, where our legal, tech, and other experts answer your most frequently asked questions. Check out The Sumsuber and our social media every other Thursday for new answers, and don’t forget to ask about the things that interest you.

This week, our DPO/Deputy Head of Legal Department, Polina Ryabinchuk, will advise on the most important certifications a verification provider must hold.
Follow this bi-weekly series and submit your own questions to our Instagram and LinkedIn.

Usually, a company demonstrates the reliability and security of its digital identity verification solution by passing independent assessments in three areas: information security, data privacy, and evaluations specific to the identity verification product itself. The following certifications and tests are examples that confirm adherence to industry standards in these areas:

Information Security:

  • ISO/IEC 27001:2013
  • ISO/IEC 27017:2015
  • ISO/IEC 27701:2019
  • SOC 2

Data Protection:

  • ISO/IEC 27018:2019
  • UK GDPR certification (Data & Privacy ACCS 2:2021)
  • EU GDPR certification

Product-related:

  • eIDAS & ETSI standards framework
  • UK digital identity and attributes trust framework
  • ISO/IEC TS 29003:2018 & ISO/IEC 29115:2013
  • FIDO certification

Testing:

  • Biometric Presentation Attack Detection according to ISO/IEC 30107-1:2023 (the framework standard; the test methodology and reporting that a PAD evaluation report actually follows are specified in ISO/IEC 30107-3)
These certifications demonstrate a company’s compliance with a wide range of international and local requirements and best practices.

However, this list is not exhaustive. It’s also important to know how often the company is re-audited and whether it actively seeks new checks and certifications, and to check which edition of a standard a certificate references: ISO/IEC 27001:2013, for example, has been superseded by ISO/IEC 27001:2022, and certificates against the older edition are being phased out.

Recently, Sumsub became the first identity verification provider to complete the new Global Digital Identity Certification (GDIC).

This certification is based on ISO/IEC 29115:2013 (LoA2 & LoA3) and ISO/IEC TS 29003:2018 Identity Proofing (LoIP2 & LoIP3), setting a new benchmark for secure and standardized digital identity verification worldwide. The standard offers a comprehensive framework for reliable digital identity verification.

You can check the key features of the Global Digital Identity Certification here.

In December 2023, ISO published ISO/IEC 42001:2023, the first edition of the global standard for AI management systems, which sets requirements for how an organization establishes, operates, and continually improves its governance of AI. Ask whether a provider that relies on AI in its verification flow is aligned with this standard. Additionally, it’s important to ask the following questions:

  • Does the vendor have the technology to combat sophisticated identity fraud?
  • Does the vendor use device fingerprinting?
  • Does the vendor employ AI to detect AI-enhanced documents?
  • How and where does the vendor store the processed data?
It’s also critical to determine whether the vendor helps its partners stay compliant with regulations in their operating regions. Verify that the provider is familiar with the relevant regional regulations in the areas mentioned above.

Polina Ryabinchuk

DPO/Deputy Head of Legal Department

You can view all of Sumsub’s existing certifications here.

For a detailed guide on selecting an efficient verification vendor, check this link.

AML, Regulatory Compliance