Certification
If a Part or Section in the trust framework applies to your role, then all of the rules in that Part or Section apply to your service. Your service must conform with all of the “must” rules, and service providers can choose whether or not to implement any “could” rules.
You can avoid your service falling off the GOV.UK register by asking your conformity assessment body to complete your recertification process up to 60 days early. You won't lose the remaining time on your current certificate if you do this, and it will help you to avoid any unnecessary disruption.
Getting onto the GOV.UK register of digital identity and attribute services is not an automatic process. It can take up to 20 working days for your service to appear on the register.
We’ve been asked variously for some kind of document with a gap analysis or assimilation matrix. We don't have one. This is why.
You want to tell people that your service is certified and on the GOV.UK register of digital identity and attribute services. What should you say and what shouldn't you?
The gamma (0.4) publication of the UK digital identity and attributes trust framework introduces certification for "component services". You don't have to use certified components – but you'll probably want to.
This blogpost explains how service providers who are already certified against the trust framework can ‘uplift’ to the new version.
This blogpost explains the new approach to certification of white label services against the gamma (0.4) trust framework.
How can we be confident that the trust framework rules are being followed? That’s the role of “conformity assessment”.
