Certifications

Biocryptology is firmly committed to protecting the quality and security of its processes and information systems, as well as the security and confidentiality of its customers’ and users’ information. To that end, we strive to apply the most rigorous and up-to-date quality and security measures for end-users, corporate clients and governments alike.

This commitment is evidenced by our Integrated Quality Management and Information Security System, the protocols Biocryptology supports and the optional certifications we offer:

Integrated Quality Management and Information Security System:

In order to assure the satisfaction of our customers and users, the quality of our products and services and the security of our information assets, we have implemented an Integrated Quality Management and Information Security System that includes the development, support and commercialization of biometric identification systems.

Our Integrated System, which has been certified by the global certification company BSI, is based on the requirements established by the standards ISO 9001:2015 and ISO/IEC 27001:2014.

ISO/IEC 27001:2014 – Information Security Management Systems

The ISO/IEC 27000 family of standards facilitates the assurance, confidentiality and integrity of company data and information. This set of standards helps organizations manage the security of assets such as financial information, intellectual property, employee data, or information entrusted to them by third parties. More information at:

https://www.iso.org/isoiec-27001-information-security.html

ISO 9001:2015 – Quality Management Systems

The ISO 9001:2015 standard sets the criteria for a Quality Management System that enables the continuous management and control of quality in all processes. It is the most widely recognized quality management standard and is accepted internationally as a guarantee of quality management. More information at:

https://www.iso.org/iso-9001-quality-management.html

To find out more, read our quality and security policy here.

Supported Protocols:

OPENID CONNECT

A Single Sign-On (SSO) digital identification standard that enables users to be identified via authentication by an OpenID provider.

The OpenID Foundation enables implementations of OpenID Connect to be certified against specific conformance profiles to promote interoperability among implementations. The foundation’s certification process uses self-certification together with a conformance test suite developed by the foundation. More information at: http://openid.net/certification.

SAML

Security Assertion Markup Language. An XML-based standard, developed by the OASIS Security Services Technical Committee, that improves security, privacy and access to user accounts. With SAML, the identity, attributes and ownership of a user can be confirmed to organizations and entities such as a company, a partner or a business application, simplifying registration and access for users.

Upcoming Certifications:

DIGITAL SIGNATURE

  • ISO 14533-1: Advanced Digital Signature CMS (CAdES)
  • ISO 14533-2: Advanced Digital Signature XML (XAdES)
  • ISO 14533-3: Advanced Digital Signature PDF (PAdES)
  • eIDAS Regulation (EU) 910/2014

SOFTWARE (BACK-END SERVERS)

  • OpenID Connect and SAML
  • FIPS 140-2 level 1, Security Requirements for Software Applications
  • ISO/IEC 15408 Common Criteria for Information Technology EAL4+
  • ISO/IEC 27034-1:2011 Security Techniques – Application Security OWASP
  • Application Security Controls Project OWASP

SOFTWARE (MOBILE APP IOS/ANDROID)

  • ISO/IEC 15408: Common Criteria for Information Technology EAL1+
  • US Government-Approved Protection Profile

HARDWARE MANUFACTURING

  • IPC-A-610: Acceptability of Electronic Assemblies
  • IEC 62321:2008: Electrotechnical Products – Determination of levels of six regulated substances (lead, mercury, cadmium, hexavalent chromium, polybrominated biphenyls, and polybrominated diphenyl ethers)
  • RoHS Compliant (Restriction of Hazardous Substances). The RoHS directive 2002/95/EC aims to restrict certain dangerous substances commonly used in electrical and electronic equipment.
  • IEC Electromagnetic Compatibility (EMC):
    • EN 61000-6-1:2007: Electromagnetic Compatibility (EMC) – Part 6-1: Generic standards – Immunity for residential, commercial and light-industrial environments
    • EN 61000-6-3:2007: Electromagnetic Compatibility (EMC) – Part 6-3: Generic standards – Emission standard for residential, commercial and light-industrial environments

SOFTWARE QUALITY – PROCESS – TESTING

  • ISTQB (International Software Testing Qualifications Board) Methodology
  • ISO/IEC/IEEE 29119 Software Testing:
    • ISO/IEC 29119-1: Concepts and Definitions (published September 2013)
    • ISO/IEC 29119-2: Test Processes (published September 2013)
    • ISO/IEC 33063:2015 Process Assessment Model
    • ISO/IEC 33020:2015 Process Measurement Framework for Assessment of Process Capability
    • ISO/IEC 29119-3: Test Documentation (published September 2013)
    • ISO/IEC 29119-4: Test Techniques
    • ISO/IEC 29119-5: Keyword-Driven Testing

The ISO/IEC/IEEE 29119 standards replace several existing software testing standards:

  • IEEE 829: Test Documentation
  • IEEE 1008: Unit Testing
  • BS 7925-1: Vocabulary of Terms in Software Testing
  • BS 7925-2: Software Component Testing Standard

On Demand Certifications:

  • ANSI X9.31-1998: Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA)
  • ANSI X9.80: Prime Number Generation, Primality Testing and Primality Certificates
  • ISO/IEC 29115:2013: Entity Authentication Assurance Framework
  • ISO/IEC 29110: Small Organizations, Life Cycle Profiles and Guidelines
  • ISO/IEC 29100: Security Techniques
  • ISO/IEC 15504:2003 (uses the process model for ISO/IEC 12207:2002): Software Process Improvement Capability Determination (“SPICE”)
  • ISO 20000-1:2011 and 20000-2:2007: Information Technology Service Management and Information Security Management
  • ISO 28000/28001: Supply Chain Security Management Systems Package
  • ISO/IEC JTC 1/SC 37:2007: Harmonized Biometric Vocabulary
  • ISO/IEC 24759:2014: Information Technology – Security Techniques – Test Requirements for Cryptographic Modules
  • ANSI X9.62-2005: Public Key Cryptography for the Financial Services Industry
  • IEEE Std. 1363-2000: Standard Specifications for Public Key Cryptography
  • PKCS #13: Elliptic Curve Cryptography Standard
  • PCI DSS Compliant (Payment Card Industry Data Security Standard)
  • PIV-071006 and FIPS 201 standards. These specify the parameters that devices must meet to guarantee correct acquisition of the fingerprint image for Personal Identity Verification (PIV). The requirements pertaining to those standards are:
      • Linearity
      • Geometric accuracy
      • Spatial frequency response
      • Signal-to-noise ratio
      • Fingerprint image quality
  • NIST – FIPS PUB 186-4: Digital Signature Standard (DSS)
  • ISO/IEC 25000:2014: Systems and Software Quality Requirements and Evaluation
