https://gdsdata.blog.gov.uk/identity-assurance-service-assessment/

Identity Assurance – Service Assessment

The Identity Assurance service allows users to access secure government services after being accredited by a third party (such as the Post Office or Verizon). The service will act as a platform and work across many government departments on GOV.UK.
https://gds.blog.gov.uk/2014/01/23/what-is-identity-assurance/

Name of Service:
Identity Assurance

Department / Agency:
CO / GDS

Date of Assessment:
28/01/2014

Moving to:
Private Beta

Result:
Pass

Lead Assessor:
N. Williams

Service Manager:
S. Dunn

Digital Leader:
P. Maltby


Assessment report

The Identity Assurance Service is seeking permission to continue development as it moves from alpha to private beta.

Outcome of service assessment

The assessment panel concluded the IDA service has shown sufficient progress and evidence of meeting the pre-April 2014 criteria and should proceed to private beta.

Reasons

The service is meeting user needs has done extensive user testing with real users. The assessment panel were impressed with the frequency of testing and the degree to which the team is making iterative, frequent changes based on user feedback.

The assessment panel were also satisfied that the service is secure and users’ privacy is being protected. The service has planned to undertake a comprehensive IT health check and will take appropriate action based on findings to ensure the service is safe.

Other recommendations

During the private beta, GDS recommend the IDA team holds a workshop with GOV.UK interaction designers and content designers to ensure that the service is as closely aligned and integrated as possible with start and done pages for relying party services on GOV.UK.

GDS recommend that you put resources in place to regularly review and interpret the analytics data you collect and use it in combination with user research to improve the service.

The service team should ensure that third party identity providers are made aware of their responsibilities under the law (data protection, cookies, etc).

Following discussions around the establishment of trust in the privacy protections in place GDS would recommend establishing a formal third party audit mechanism. The suggested ombudsman may fulfil this role and GDS would expect something in place, or a clear plan of action, at the next assessment.

Next steps

This service has been given approval to launch as a private beta service.

Summary

The assessment panel were very impressed with the work so far and expect this to continue for the ongoing development of the service.