Biocryptology is committed to protecting the quality and security of our processes, information systems, and the security and confidentiality of our customers’ information.
To that end, we continuously aim for the latest and most rigorous assurances available to end-users, corporate clients and governments alike.
Biocryptology is proud to announce that the following certifications have been obtained or are currently in the process of application.


The OpenID Foundation enables implementations of OpenID Connect to be certified to specific conformance profiles to promote interoperability among implementations. The foundation’s certification process utilizes self-certification and a conformance test suite developed by the foundation: http://openid.net/certification


ISO/IEC 27001:2013

The ISO/IEC 27000 family of standards helps organizations keep information assets secure.
Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.


ISO 9001:2015

ISO 9001:2015 sets out the criteria for a quality management system and is the only standard in the family that can be certified to (although this is not a requirement). It can be used by any organization, large or small, regardless of its field of activity. In fact, there are over one million companies and organizations in over 170 countries certified to ISO 9001.


Digital Signature
  • ISO 14533-1: Advanced Digital Signature CMS (CAdES)
  • ISO 14533-2: Advanced Digital Signature XML (XAdES)
  • ISO 14533-3: Advanced Digital Signature PDF (PAdES)
  • eIDAS Regulation (EU) 910/2014


Software (Back-End Servers)
  • OpenID Connect and SAML
  • FIPS 140-2 level 1, Security Requirements for Software Applications
  • ISO/IEC 15408 Common Criteria for Information Technology EAL4+
  • ISO/IEC 27034-1:2011 Security Techniques – Application Security OWASP
  • Application Security Controls Project OWASP


Software (Mobile App iOS/Android)
  • ISO/IEC 15408: Common Criteria for Information Technology EAL1+
  • US Government-Approved Protection Profile


Hardware Manufacturing
  • IPC-A-610: Acceptability of Electronic Assemblies
  • IEC 62321:2008: Electrotechnical Products – Determination of levels of six regulated substances (lead, mercury, cadmium, hexavalent chromium, polybrominated biphenyls, and polybrominated diphenyl ethers)
  • RoHS Compliant (Restriction of Hazardous Substances). The RoHS directive 2002/95/CE aims to restrict certain dangerous substances commonly used in electronics and electronic equipment.
  • IEC Electromagnetic Compatibility (EMC):
    • EN 61000-6-1:2007: Electromagnetic Compatibility (EMC) – Part 6-1: Generic standards – Immunity for residential, commercial and light-industrial environments
    • EN 61000-6-3:2007: Electromagnetic Compatibility (EMC) – Part 6-3: Generic standards – Emission standard for residential, commercial and light-industrial environments


Software Quality – Process – Testing
  • ISTQB (International Software Testing Qualifications Board) Methodology
  • ISO/IEC/IEEE 29119 Software Testing:
    • ISO/IEC 29119-1: Concepts and Definitions (published September 2013)
    • ISO/IEC 29119-2: Test Processes (published September 2013)
    • ISO/IEC 33063:2015 Process Assessment Model
    • ISO/IEC 33020:2015 Process Measurement Framework for Assessment of Process Capability
    • ISO/IEC 29119-3: Test Documentation (published September 2013)
    • ISO/IEC 29119-4: Test Techniques
    • ISO/IEC 29119-5: Keyword-Driven Testing

The ISO/IEC/IEEE 29119 standards replace several existing software testing standards:

  • IEEE 829: Test Documentation
  • IEEE 1008: Unit Testing
  • BS 7925-1: Vocabulary of Terms in Software Testing
  • BS 7925-2: Software Component Testing Standard

Optional Certifications (depending on client)

  • ANSI X9.31-1998: Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA)
  • ANSI X9.80: Prime Number Generation, Primality Testing and Primality Certificates
  • ISO/IEC 29115:2013: Entity Authentication Assurance Framework
  • ISO/IEC 29110: Small Organizations, Life Cycle Profiles and Guidelines
  • ISO/IEC 29100: Security Techniques
  • ISO/IEC 15504:2003 (uses the process model for ISO/IEC 12207:2002): Software Process Improvement Capability Determination (“SPICE”)
  • ISO 20000-1:2011 and 20000-2:2007: Information Technology Service Management and Information Security Management
  • ISO 28000/28001: Supply Chain Security Management Systems Package
  • ISO/IEC JTC 1/SC 37:2007: Harmonized Biometric Vocabulary
  • ISO/IEC 24759:2014: Information Technology – Security Techniques – Test Requirements for Cryptographic Modules
  • ANSI X9.62-2005: Public Key Cryptography for the Financial Services Industry
  • IEEE Std. 1363-2000: Standard Specifications for Public Key Cryptography
  • PKCS #13: Elliptic Curve Cryptography Standard
  • PCI DSS Compliant (Payment Card Industry Data Security Standard)
  • PIV-071006 and FIPS 201 standards, which specify parameters that devices must meet to guarantee correct acquisition of the fingerprint image for “Personal Identity Verification” (PIV). The requirements pertaining to those standards are:
    • Linearity
    • Geometric accuracy
    • Spatial frequency response
    • Signal-to-noise ratio
    • Fingerprint image quality
  • NIST – FIPS PUB 186-4: Digital Signature Standard (DSS)
  • ISO/IEC 25000:2014: Systems and Software Quality Requirements and Evaluation