When we’ve spoken to members of the public and to businesses across the economy about adopting digital identity services, one message has been clear: it’s hard to know what good looks like.
That’s why the government has created the UK digital identity and attributes trust framework. Or just ‘the trust framework’, for short.
A collection of rules and standards
The trust framework is a document of rules for creating a good digital identity and attributes service. It sets the minimum quality standard the government expects to see from a reliable, secure and trustworthy service.
The trust framework was created in collaboration with industry, academia, civil society groups and members of the public. We intend to review and refresh it every year to ensure it stays up-to-date.
For the first time in the UK, every business has a clear, consistent vocabulary for the creation and use of digital identities and attributes. The trust framework is already enabling businesses to start confidently using digital identity services in their day-to-day operations.
For example, hundreds of thousands of digital identity and attribute checks are now taking place each month, off the back of the trust framework and its rules.
No one, right way to build a product or service
The trust framework doesn’t say exactly how to build a product or service. That’s because there isn’t only one “right way” to create a digital identity service, and we want to enable the private sector to innovate, whilst setting clear guard rails.
So, instead of detailed, onerous requirements, we’ve taken a technology-agnostic and standards-based approach. We define the outcome a service provider needs to achieve, rather than the methods they must use to get there.
Unless it’s absolutely necessary, we also don’t tell companies which technologies they must use, or the exact content of their policies. Instead, we point to existing, internationally-recognised standards and approaches that we think represent best practice.
For example, to meet the rules of the trust framework, a provider must have service and quality management processes in place. We recommend that these processes follow standards such as ISO 9001, ISO 20000-1 or the Information Technology Information Library (ITIL); but any process could be suitable provided it can meet the same levels of quality as those set out in these standards.
Find out more
We’ve already published three successive versions of the trust framework. Over 50 services have been certified against our latest publication.
If you'd like to find out more, you can find the most recent version and previous versions of the trust framework on GOV.UK.
Sign up to email alerts to receive an update whenever we publish a new blog post.
Leave a comment