- TRUST FRAMEWORK FOR DIGITAL IDENTITY
- Trust Framework Authority
- Share your information in a digital format
- Benefits of using digital identity services
- Trust Framework Authority accreditation mark
- Trust Framework legislation
- Administering bodies
- Trust Framework Register
- Accreditation & maintenance
- Forms and guidance
- Independent evaluators
- Resources
- Make a complaint
Applications for an additional digital identity service
This guidance applies when a digital identity provider already accredited to provide a digital identity service intends to apply to the Trust Framework Authority for accreditation of an additional service.
Contact the Trust Framework Authority at TFA@dia.govt.nz who will arrange to meet with you and discuss what will be required for your application.
Any applications for a new service will need to meet the Act, Regulations and Rules are in place on the date the application for a new service is submitted.
Where parts of a previous application can be reused, any new questions or new requirements in place will also need to be evaluated and assessed.
The following general advice applies:
| Application area | Whether required | What is required in an application for an additional service for an accredited provider |
| Provider questions | Yes |
Only answer the questions in the application form where there has been a change, or where a different response applies for the additional service. For example, there may a different contact person or different individuals involved in the governance or the management, design or delivery of the service. Only provide documents where there has been a change. |
| Conformance against the New Zealand Identification Standards | Yes | A full evaluation is required. |
| Trust Framework Authority Service Assessment | Yes |
This is required in full and includes:
|
| Privacy | Yes |
Only answer the questions in the privacy application form where there has been a change, or where a different response applies for the additional service. Only provide documents where there has been a change. You will ned to complete a new Privacy Impact Assessment for the additional service. |
| Security | Yes |
Review the list of controls used for the original service and identity where these will be reused and where different controls will apply. Review the list of risks for each service and which ones will apply for the additional service. Where the previous evaluation took place in the last 12 months, relevant parts of it may be reused. The parts of the previous evaluation to be reused must be agreed with the independent evaluator as part of agreeing the scope of the independent security evaluation. |
Refer to the Trust Framework Authority application guidance for providers for the requirements for each area of the application. This is available on the Forms and Guidance section of our website.
Ensure that you use the most up to date version of the application form, also available on the Forms and Guidance section of our website.
