Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Decoding ISO definitions is both an art and science.

ISO definitions use the 'replacement rule' approach - this means that wherever a defined term appears in text, the reader can directly substitute the definition and the resulting text shall make sense.

Or, in ISO Directives-speak: "The definition shall be written in such a form that it can replace the term in its context."


So, when you read the following description of Identity Assurance, these defined terms come into play:

SC 27/WG 5 describes Identity Assurance as:

  1. identity assurance is the term used to describe an assured process where:

    1. An identity is established through verification of a set of identity attributes using acceptable evidence or validated systemically against an authoritative data source; then

    2. This identity is bound to the entity.

    3. The outcome of the process is one or more assured identifiers that can be used as the basis for authentication.

    4. The process and the organization operating the process are assured in accordance with a defined policy that includes:

      1. A governance body or authority;

      2. A policy specification that is systemized in a process;

      3. One or more organizations that operate the process;

      4. The detection of policy violations, anomalies and indicators of compromise, and actions to address them;

      5. One or more organizations that assure and enforce the process and the processing organizations.



  • No labels