This content is currently in Alpha
Third Party Identity Services Assurance Framework
Supporting identity services provided by business to government
The Third Party Identity Services Assurance Framework is an Australian Government approach for accreditation of identity services offered by commercial service providers to government agencies. The Assurance Framework describes 4 levels of assurance (LOA) with performance outcomes and standards for identity service providers working with government.
The Assurance Framework is based on an understanding that users should have choice about which service they use to access digital government services. It also states users should not be forced to hold multiple credentials to access the range of government services they need.
Policy requirement: agencies that use the following identity services should use providers accredited under the Third Party Identity Services Assurance Framework at the appropriate level of assurance.
Identity services covered by the Assurance Framework:
- verification services, which enable people to have claims regarding their identity or other attributes verified online
- authentication services, which provide people with credentials (for example, a username and password) to enable access to a variety of digital services
- digital mailboxes, which enable people to receive correspondence from participating agencies in a single digital inbox
- personal data vaults, which enable people to store and retrieve their personal data electronically, including the storage of electronic copies of personal records such as birth certificates.
Assurance Framework documents (Version 2.0 December 2015):
- Third Party Identity Services Assurance Framework PDF (789 KB)
- Third Party Identity Services Assurance Framework DOCX (109 KB)
- Information Security Registered Assessors Program (IRAP) PDF (1.1 MB)
- Information Security Registered Assessors Program (IRAP) DOCX (125 KB)
- Compliance Audit Guide PDF (682 KB)
- Compliance Audit Guide DOCX (117 KB)
- Identity and Access Management Glossary PDF (901 KB)
- Identity and Access Management Glossary DOCX (98 KB)
The Assurance Framework is underpinned by these Australian Government security frameworks:
- Protective Security Policy Framework (PDF 210 KB)
- Information Security Manual
- Australian Privacy Principles.
The Assurance Framework is also informed by these policy frameworks:
- National e-Authentication Framework
- Gatekeeper Public Key Infrastructure (PKI) Framework
- National Identity Security Strategy
- National Identity Proofing Guidelines.
If you are an Information Security Registered Assessor contracted by a service provider to undertake an IRAP assessment, you can request a service provider’s list of approved documents by contacting email@example.com
Accredited service providers
The following service has been granted accreditation by the Assurance Framework Competent Authority.
|Provider||Service type||Assurance levels||Accreditation date|
|Australia Post (MyPost)||Digital Mailbox||LOA 3||23 April 2014|
The following services are undergoing Assurance Framework accreditation.
- Veda Advantage - Verification Service Provider; LOA 1, 2 and 3
- One Check - Verification Service Provider; LOA 1, 2 and 3
- Fuji Xerox - Digital Mailbox; LOA 3
Last updated: 5 January 2016