Zygma’s Kantara Support Services
Zygma has unique understanding of the Kantara Initiative’s Identity Assurance Framework (IAF) – Zygma’s CEO, Richard Wilsher, was the principal architect of the IAF and principal author of the Service Assessment Criteria, the Assessor Qualifications and Requirements, and the IAF’s processes. Richard continues his association with Kantara as Technical Advisor to the Assurance Review Board, de facto Editor-in-Chief of the primary suite of documents and as a major contributoir to the applicable policies, practices and criteria. Our understanding of the IAF is unsurpassed. Add our auditing capabilities and we are able to offer the complete range of services described below
To date Zygma has worked with four CSPs towards the granting of six service approvals, acting as the Kantara Assessment Manager for one CSP, and as the Assessor for the other three CSPs. We think this is a track record which speaks for itself. We will be happy to provide you with contact details for referees from any of these clients.
Zygma’s Kantara Support Services are offered at Assurance Levels 1, 2, 3 and 4, and at IAL2/3 and AAL2/3.
In addition Richard Wilsher is currently drafting and supporting through review new criteria to address IAL3, AAL3 and FAL2/3.
Service pre-assessment review:
Review of your proposed assessment evidence to determine its readiness for submission. This may be done either as a stand-alone assessment, i.e. as a first-party audit executed entirely on your behalf prior to you being audited by another party, or as a readiness assessment prior to Zygma performing the formal Kantara-required third-party Service Assessment (see below).
This service will review the presentation of the Applicant’s material and will either:
a) provide specific guidance on further evidential requirements and recommendations for fulfilling any shortcomings in that evidence (where Zygma has no arrangement with the Applicant to act as its Accredited Assessor), or
b) indicate non-conformities with Kantara’s evidential requirements as set out in the applicable SACs (where Zygma is contracted by the Applicant to act as its Accredited Assessor).
Kantara Service Assessment:
As one of Kantara’s Accredited Assessors Zygma is able to undertake an assessment of your Identity / Credentialing Service under any of the Kantara IAF scenarios – at Assurance Levels 1, 2, 3 & 4, and IAL2/3 & AAL2/3, and whether for Component Service or Full Service Approval. As the principal architect of the Kantara IAF we have some unique approaches to performing our assessments, which will be generally based upon ISO/IEC 17021/27006/27007 principles or can become formally-based upon IS27006 if the client so desires.
Kantara Assessment Support / Management:
As already indicated, Zygma can work side by side with its clients to guide them through the processes of getting their service and internal operations ready for a successful assessment, or can go so far as to take on the responsibility to manage the assessment application and get the service through to the conclusion of the assessment, ultimately leading to a grant of Approval. Of course, this still requires the client to provide the responsive resources necessary to bring the organization into line with Kantara’s criteria. Whatever the depth of involvement, Zygma’s broader expertise can be brought into play to ensure that the client’s information security accommodates other obligations, such as FISMA, HIPAA, IS27001, etc.
Whatever your needs concerning Kantara Approval, Zygma is your best and most experienced option. Call or email to arrange a no-obligation discussion about your needs and how Zygma can help you fulfill them.