Relying party assessment

We perform an extensive Relying Party (RP) assessment on our clients, prior to them becoming a paying customer, to ensure they have the appropriate capabilities and competencies to obtain certain credentials. This assessment is therefore different for the various tiers of clients, as not all tiers are allowed to process sensitive data.

Topics

Key topics assessed in the RP assessment include, but are not limited to:

• Maturity of organization. What is the internal control environment of the RP?
• Scope. Are the requested attributes in line with what the organization is capable of requesting, safeguarding and required to provide their service or deliver their product?
• Privacy officer. Does the RP have a Privacy officer in place that ensure compliancy to GDPR and other data protection legislation?
• Senstitive attributes. If a RP requires or requests the BSN, or national identity number, does it have the legal grounds to process this BSN? We verify if the RP is listed on the 'Autorisatielijst BSN-gerechtigden'.

Interval

The RP is updated regulary based on developments in the legal domain (such as eIDAS2.0, GDPR, etc.), internal developments and periodic review to ensure the assessment is up to standards.

Reevaluation

All clients RP are re-assessed on a yearly basis to monitor for changes and updates that potentially require additional procedures.