Tag Archives: Pan-Canadian Trust Framework

Voilà Verified Trustmark Program is Live – ‘duty of care’ a top priority

The Digital ID and Authentication Council of Canada Launches Voilà Verified Program to Spotlight World-Class Vetted Digital Identity Solutions.

Toronto, October 18, 2022 – The Digital ID and Authentication Council of Canada (DIACC) has officially launched the Voilà Verified Trustmark Program – the first and only certification program to determine digital identity service compliance with the Pan-Canadian Trust FrameworkTM (PCTF).

A non-profit coalition of over 115 public and private members, the DIACC develops research and opportunities to enable Canada’s confident, safe, and full participation in a global digital economy.  

“One size does not fit all when it comes to identity solutions – but ensuring a solution delivers upon a defined duty of care is critical,” says Joni Brennan, president of the DIACC. “With the PCTF, and now with Voilà Verified, there is an opportunity to adopt a framework rooted in trust – and to earn compliance recognition. Voilà Verified identifies those who are ‘walking the walk’ –  those who are delivering safe and secure access to the global digital economy.” 

The DIACC’s PCTF is a publicly available framework for identity solutions that defines client, customer, and individual duty of care. The Voilà Verified program provides a vetting and assessment opportunity where PCTF-compliant solution vendors can earn a public-facing Trustmark. The result? Spotlight visibility of trustworthy, safe, reliable, and efficient solutions.

“The PCTF being leveraged on a global scale marks a significant opportunity across industries,” says Franklin Garrigues, VP External Ecosystems at TD Bank Group, DIACC Board Vice-Chair. “Voilà Verified is rooted in safety, protection, and reliability. This program enables safe access to the global digital economy with certainty.” 

Voilà Verified presents an opportunity to grow provincial-level investments in digital identity solutions. Provincial governments who have launched identity services can now earn a Trustmark of their own, and provinces that are on the cusp of entering the digital solution market can do so with confidence by seeking vendors with a Voilà Verified Trustmark.  

“Going digital is a big step for governments – and now, with Voilà Verified, provincial leaders are empowered to do so with confidence by engaging solution vendors that will protect end-users first and foremost,” says Colleen Boldon, Director, Digital Lab and Digital ID Programs, Public Services and Smart Government, Province of New Brunswick and DIACC Board member.  

Ruth Puente, Voilà Verified’s Trustmark Verification Program Manager, says a leading component of the program’s development was to ensure its procedures aligned with the International Organization of Standardization (ISO). 

“Voilà Verified is inclusive yet diligent in verifying PCTF-compliant solutions. The program was developed in alignment with ISO standards – and empowers informed decision making in a rapidly growing ecosystem of identity solutions.”

Puente, based in Madrid, Spain, brings international perspective and expertise to the Voilà Verified program with deep experience in internet governance policy and public affairs, trust and privacy innovation, and digital identity frameworks and certification.

“Delivering high-quality service is our priority. Customer protection is our priority. Increasing access to trustworthy solutions is our priority. We have formed teams of international experts to perform assessments and to oversee the process through an impartial lens,” says Puente. 

Entities who are responsible for assessing PCTF compliance within the Voilà Verified program are known as Accredited Assessors, Readiness Advisors, and Testing Laboratories.

The first official Accredited Assessor and Readiness Advisor is KUMA, a private sector DIACC member and global privacy, security, and identity consulting firm specializing in custom cybersecurity solutions – now the world’s first and only assessor to offer identity assessments in the US, Canada, and the UK. 

“KUMA is bringing the same expertise to the Voilà Verified program that we’ve been bringing to our clients for over a decade,” says Michael Magrath, KUMA’s Managing Director of Digital Identity. “We are dedicated, alongside the DIACC, to generate growth opportunities for identity solutions across Canada and the globe.” 

The Voilà Verified Trustmark Oversight Board (TOB) will make all final verification decisions based on reports from accredited entities. Made up of third-party volunteers with international expertise in identity management, auditing, compliance, cybersecurity, information security, and law, the TOB is the highest operating body of Voilà Verified. It is subject to impartiality, confidentiality and conflict of interest policies. 

Voilà Verified is a unique opportunity in which I am honoured to share my experience as an advisor and auditor within information security, compliance, and identity,” says Björn Sjöholm, Cybersecurity Entrepreneur of Seadot, and TOB Chair. 

Vendors are turning to the Voilà Verified program for several reasons, but the leading value proposition is market differentiation. Trustmark holders stand out from competitors by unlocking global business opportunities through international recognition and credibility. 

“Voilà Verified puts internationally reputable identity solutions on the map,” says Dave Nikolejsin, the DIACC’s Board Chair. “This is the way forward. With lateral growth of PCTF compliance across sectors – public and private – we establish a common value of trust. Launching Voilà Verified is a monumental stride for Canada to influence a safe and secure global digital economy.” 

Voilà Verified is ready to serve your entity today. To learn more and access your application package, visit the program overview on the DIACC website or contact voila@diacc.ca

– 30 –

ABOUT DIACC

DIACC is a growing coalition of public and private sector organizations that are making a significant and sustained effort to ensure Canada’s full, secure, and beneficial participation in the global digital economy. By solving challenges and leveraging opportunities, Canada has the chance to secure at least three percent of unrealized GDP or $100 billion of potential growth by 2030. Seizing this opportunity is a must in a digital society as we work through the COVID pandemic challenges. Learn more about the DIACC mandate

ABOUT KUMA

For almost a decade, Kuma has provided privacy, security and identity expertise to various local, state, and federal government agencies, non-profits, and businesses, often in highly regulated sectors. Trust is deeply ingrained in their ethos and is illustrated in the work they deliver in all engagements. Over the years, Kuma has gained and maintained customer confidence and built a reputation for customizing its cybersecurity services to meet the needs of small and large companies alike, while always grounded in national standards. Kuma rejects a “one-size fits all” approach, building long-standing working relationships with clients as they mature their security, privacy, and identity postures. For more information visit http://www.kuma.pro

ABOUT SEADOT

Seadot Cybersecurity is run by entrepreneurs with a strong focus on effective and efficient security. The founders have extensive experience in information security as well as IT-security. Seadot offers cybersecurity services to organizations with a high demand for regulatory compliance and security. Seadot clients have their main business within the Nordics and Northern Europe. Seadot services include: Information Security Management, Software Security, IT security Operations, and Cybersecurity Compliance. Seadot is a Kantara Initiative Accredited Assessor. 

Request for Comment and IPR Review: PCTF Assurance Maturity Model Draft Recommendation V1.0

This review period is officially closed. Thank you.

Notice of Intent: DIACC is collaborating to develop and publish a Pan-Canadian Trust Framework™ (PCTF) Assurance Maturity Model to set a baseline of public and private sector interoperability of identity services and solutions.

To learn more about the Pan-Canadian vision and benefits-for-all value proposition please review the Pan-Canadian Trust Framework Overview.

Document Status: This review document has been approved as a Draft Recommendation V1.0 by the DIACC’s Trust Framework Expert Committee (TFEC) that operates under the DIACC controlling policies.

Summary: It is essential that Participants in a digital ecosystem have a way to evaluate the robustness and trustworthiness of transactions within that ecosystem. In order to do so, Participants must share a common vocabulary that describes the level of confidence they can associate with an Entity or transaction, as well as a common way in which to determine that level of confidence.

In the Pan-Canadian Trust Framework™ (PCTF), a Level of Assurance (LoA) represents the level of confidence an Entity may place in the processes and other conformance criteria defined in any given component of the PCTF.  Levels of Assurance are elemental in creating networks of trust. Levels of Assurance models only work if all Participants in a digital ecosystem are able to interpret them consistently. It is therefore critical that all Participants in an ecosystem agree upon a minimum set of criteria for each Level of Assurance. Only then will a Relying Party in that ecosystem be able to properly evaluate the risks inherent in a relationship or transaction, and the Level of Assurance that can be placed in Participants, Credentials, and those transactions. The components of the PCTF describe the detailed conformance criteria that should be used to evaluate such Levels of Assurance in the context of a given PCTF component. This document provides guidance regarding how to use those criteria in order to properly classify Levels of Assurance.

Invitation: All interested parties are invited to comment.

Period: Opens: June 27, 2021 at 23:59 PT | Closes: July 28, 2021 at 23:59 PT

Document: PCTF Assurance Maturity Model

Intellectual Property Rights: Comments must be received within the 30-day comment period noted above. All comments are subject to the DIACC contributor agreement; by submitting a comment you agree to be bound by the terms and conditions therein. DIACC Members are also subject to the Intellectual Property Rights Policy. Any notice of an intent not to license under either the Contributor Agreement and/or the Intellectual Property Rights Policy with respect to the review documents or any comments must be made at the Contributor’s and/or Member’s earliest opportunity, and in any event, within the 30-day comment period. IPR claims may be sent to review@diacc.ca. Please include “IPR Claim” as the subject.

Process:

  • All comments are subject to the DIACC contributor agreement.
  • Submit comments using the provided DIACC Comment Submission Spreadsheet.
  • Reference the included PDF to include the corresponding line number for each comment submitted.
  • Email completed DIACC Comment Submission Spreadsheet to review@diacc.ca.
  • Questions may be sent to review@diacc.ca.

Value to Canadians: The PCTF Assurance Maturity Model will provide value to all Canadians, businesses, and governments by setting a baseline of business, legal, and technical interoperability. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy, and convenience. The PCTF is one such resource that represents a collection of industry standards, best practices, and other resources that help to establish interoperability of an ecosystem of identity services and solutions. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating Canada’s Identity Ecosystem.

Context: The purpose of this Draft Recommendation review is to ensure transparency in the development and diversity of a truly Pan-Canadian, and international, input. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.

DIACC expects to modify and improve this Draft Recommendation based upon public comments. Comments made during the review will be considered for incorporation into the next draft and DIACC will prepare a Disposition of Comments to provide transparency with regard to how each comment was handled. 

Thank you for your support and participation in this review period.