OUR GOVERNANCE FRAMEWORK
Our governance framework defines the roles, responsibilities, and relationships among stakeholders, outlining their obligations, rights, and accountability within our credentialing ecosystem.
ISSUING BODIES
Roles and Responsibilities: Issuing bodies are responsible for the accurate and secure issuance of identity credentials. They should verify the identity and qualifications of applicants, ensure the integrity of the credentialing process, and maintain up-to-date and reliable records
Obligations: Issuing bodies should adhere to legal and regulatory requirements, follow established policies and procedures, safeguard personal data, and provide clear and transparent information to credential holders regarding the terms and conditions of their credentials.
Rights: Issuing bodies have the right to set eligibility criteria for credentials, revoke or suspend credentials when necessary, and collaborate with verifying entities to ensure the proper verification and acceptance of credentials.
Accountability: Issuing bodies should be accountable for the accuracy and reliability of the credentials they issue. They should establish internal quality assurance mechanisms, address complaints or disputes, and participate in regular audits or assessments to ensure compliance with the governance framework.
VERIFYING ENTITIES
Roles and Responsibilities: Verifying entities play a crucial role in verifying the authenticity and validity of identity credentials. They should have reliable mechanisms in place to verify credentials, maintain data confidentiality during the verification process, and make informed decisions based on the verified information.
Obligations: Verifying entities should adhere to agreed-upon verification protocols, protect the privacy of the credential holders during the verification process, maintain accurate records of verification outcomes, and promptly report any suspicious or fraudulent activity related to credentials.
Rights: Verifying entities have the right to request and rely on valid credentials for the purposes of employment, service provision, or regulatory compliance. They can also provide feedback to issuing bodies regarding the effectiveness and usability of credentials.
Accountability: Verifying entities are accountable for ensuring the accuracy and integrity of the verification process. They should have processes in place to address disputes or discrepancies arising from credential verification and should cooperate with audits or assessments conducted by oversight bodies.
CREDENTIAL HOLDERS
Roles and Responsibilities: Credential holders are responsible for safeguarding and appropriately using their identity credentials. They should provide accurate and up-to-date information during the application process, use credentials only for authorized purposes, and report any loss or compromise of credentials.
Obligations: Credential holders should comply with the terms and conditions set by the issuing bodies, inform relevant parties about any changes to their credentials, and use their credentials in a manner that does not violate applicable laws or regulations.
Rights: Credential holders have the right to access and control their own credential data, decide when and where to share their credentials, and receive clear information about the purposes for which their credentials are used.
Accountability: Credential holders are accountable for the accuracy and truthfulness of the information provided during the credentialing process. They should report any misuse or unauthorized use of their credentials to the appropriate authorities.
REGULATORS AND COMPLIANCE AUTHORITIES
Roles and Responsibilities: Regulators and compliance authorities oversee the implementation and compliance with laws, regulations, and standards related to identity credentials. They should provide guidance, enforce compliance, and investigate any breaches or non-compliance within the credentialing ecosystem.
Obligations: Regulators and compliance authorities should establish clear guidelines and requirements for issuing and verifying credentials, conduct regular assessments or audits to ensure compliance, and take appropriate actions against non-compliant entities.
Rights: Regulators and compliance authorities have the right to access relevant data and records related to credential issuance and verification for the purpose of regulatory oversight and enforcement.
Accountability: Regulators and compliance authorities are accountable for enforcing the governance framework, addressing complaints or breaches, and ensuring the integrity and trustworthiness of the credentialing ecosystem.
TECHNOLOGY PROVIDERS
Roles and Responsibilities: Technology providers develop and provide the technological infrastructure, platforms, and systems used in the issuance, verification, and management of identity credentials. They should ensure the security, interoperability, and reliability of their solutions.
Obligations: Technology providers should follow best practices in data security and privacy, maintain regular updates and patches to address vulnerabilities, provide technical support to stakeholders, and comply with relevant industry standards and regulations.
Rights: Technology providers have the right to protect their intellectual property, ensure the proper use of their technologies, and collaborate with other stakeholders to improve the overall credentialing ecosystem.
Accountability: Technology providers are accountable for the reliability and functionality of their solutions. They should promptly address any technical issues or vulnerabilities, adhere to service-level agreements, and participate in security audits or assessments.
PRIVACY AND DATA PROTECTION EXPERTS
Roles and Responsibilities: Privacy and data protection experts provide guidance and expertise on ensuring the privacy, security, and compliance of identity credential systems. They advise on best practices, review policies and procedures, and help identify and mitigate privacy risks.
Obligations: Privacy and data protection experts should stay updated on relevant privacy laws and regulations, assist in conducting privacy impact assessments, provide recommendations for data protection measures, and help resolve privacy-related concerns or complaints.
Rights: Privacy and data protection experts have the right to access relevant data and information for the purpose of privacy assessments and ensuring compliance with privacy regulations.
Accountability: Privacy and data protection experts are accountable for providing accurate and up-to-date guidance on privacy and data protection matters. They should maintain the confidentiality of sensitive information and avoid conflicts of interest
STAKEHOLDER ASSOCIATIONS AND ADVOCACY GROUPS
Roles and Responsibilities: Stakeholder associations and advocacy groups represent the interests of specific stakeholder groups within the credentialing ecosystem. They advocate for the rights and concerns of their constituents, provide feedback on policies and practices, and promote collaboration among stakeholders.
Obligations: Stakeholder associations and advocacy groups should engage in constructive dialogue with other stakeholders, provide input on the development and improvement of the governance framework, and raise awareness about the rights and responsibilities of their respective constituents.
Rights: Stakeholder associations and advocacy groups have the right to advocate for the interests of their constituents, access relevant information necessary for their advocacy work, and participate in stakeholder meetings or forums.
Accountability: Stakeholder associations and advocacy groups are accountable for representing the interests of their constituents accurately and responsibly. They should act in a transparent and accountable manner and foster collaboration among stakeholders.
END-USERS AND THE GENERAL PUBLIC
Roles and Responsibilities: End-users and the general public interact with the credentialing system as employers, service providers, or individuals relying on verified credentials. They should respect the privacy and confidentiality of credential holders, use verified credentials responsibly, and provide accurate information when relying on credentials.
Obligations: End-users and the general public should familiarize themselves with the requirements and processes for verifying credentials, report any suspicions or fraudulent activities, and follow applicable laws and regulations when relying on credentials for decision-making.
Rights: End-users and the general public have the right to rely on valid and verified credentials for the purposes of employment, service provision, or regulatory compliance. They can also provide feedback to the issuing bodies and verifying entities regarding the effectiveness and usability of credentials.
Accountability: End-users and the general public are accountable for making informed decisions based on verified credentials, reporting any discrepancies or issues with the credentials, and complying with legal requirements when relying on credentials.
AUDIT AND OVERSIGHT BODIES
Roles and Responsibilities: Audit and oversight bodies are responsible for conducting audits, assessments, or evaluations to ensure compliance with the governance framework. They should provide independent and objective evaluations, identify areas of improvement, and recommend corrective actions.
Obligations: Audit and oversight bodies should have access to relevant data and records, conduct thorough and unbiased assessments, provide reports and recommendations to stakeholders, and ensure the confidentiality of sensitive information obtained during the auditing process.
Rights: Audit and oversight bodies have the right to request information necessary for their audits, access relevant systems and documents, and collaborate with other stakeholders to improve compliance and accountability.
Accountability: Audit and oversight bodies are accountable for conducting fair and transparent audits, addressing non-compliance or breaches, and promoting continuous improvement within the credentialing ecosystem.
LEGAL AND POLICY EXPERTS
Roles and Responsibilities: Legal and policy experts provide guidance on legal and regulatory requirements related to identity credentials. They help draft policies, review agreements and contracts, and ensure compliance with applicable laws and regulations.
Obligations: Legal and policy experts should stay updated on relevant laws and regulations, provide legal advice on the development and implementation of the governance framework, and assist in addressing legal issues or disputes that arise within the credentialing ecosystem.
Rights: Legal and policy experts have the right to access relevant legal and policy documents, collaborate with stakeholders to ensure compliance, and provide legal opinions and recommendations.
Accountability: Legal and policy experts are accountable for providing accurate and up-to-date legal guidance, maintaining confidentiality of sensitive information, and addressing legal issues or concerns in a timely and professional manner.
By clearly defining the roles, responsibilities, obligations, rights, and accountability of each stakeholder within the governance framework, it creates a structured and coordinated approach to managing identity credentials, ensuring transparency, privacy, and security throughout the credentialing ecosystem.