Outlier Compliance Group

Role(s)

• Audit
• Broker
• Consulting
• Service Integrator
• Service Provider
• Other - Specify

Capability(ies)

• Attribute Broker
• Attribute Provider
• Audit IAM
• Audit InfoSec
• Audit QA
• Audit Risk
• Authentication 
• Authorization
• Client Identity Verification
• Consulting IAM
• Consulting InfoSec
• Consulting QA
• Consulting Risk
• Credential Issuer or Provider
• Federated Attributes 
• Federation Operator
• Identity Proofing
• Identity Provider
• Integration
• Managed Hosting
• Network Operator
• Relying Party or Verifier
• Validating Identity Claims
• Wallet Provider
• Other - specify

Client Identity Verification Methods

• Government-issued photo identification method
• Credit file method
• Dual process methodology

Audiences

• Public Sector Individuals (G2C)
• Public Sector Organizations (G2B)
• Public Sector Internal Services (G2)
• Private Sector Businesses (B2B)
• Private Sector Consumers (B2C)
• International and NGO
• Other - specify

Sectors and Use Cases

• Academia and Research
• Agriculture
• Construction
• Financial Services
• Healthcare & Social Services
• Legal / Law 
• Manufacturing 
• Natural Resources 
• Property Services 
• Public Sector 
• Retail & Wholesale Trade
• Technology & Innovation 
• Tourism & Hospitality
• Transportation & Logistics 
• Other - specify

Adoption Communities

• Public sector
• Large organizations
• Small organizations
• Consumer direct
• Other - specify

Jurisdiction(s)

• Canada
• Asia Pacific
• Europe
• Indo Pacific
• North America
• Latin America
• Caribbean
• Global
• Other - specify

Operational Language(s)

• English
• Canadian French
• Other - specify

Technical Support Language(s)

• English
• Canadian French
• Other - specify

Platform(s) Availability

• Apple app store
• Google app store
• Embedded in client app
• Microsoft app
• In-person scanner (hardware)
• Other - specify
• None

Cost Model

• Time period flat fee
• Pay per use
• Mixed flat and use
• Other - specify
• Not Applicable

Service Design Principles

• Accessibility 
• Auditability
• Combats fraud
• Creates efficiencies
• Diversity, equitability, and inclusion
• Personal data choice and control
• Privacy protection and enhancement
• Transparent governance and operations
• User-friendly
• Not applicable

Design Tools

• Assurance and risk management framework(s)
• Codes of practice
• Community practice guides 
• Industry, National, International Standards
• Open source code
• Regulatory guidance
• Third-party assessment services
• Other - specify
• Not applicable

Protocols Supported

• API
• DIDCom (decentralized identifiers)
• FIDO
• Hyperledger Indy Aires
• Oauth
• OpenID
• SAML
• UDAP
• UMA
• Other - specify
• Not applicable

Image Standards Supported

• GIF
• JPEG
• PNG
• TIFF
• ISO IEC19794-5 (Passport Image Standard)
• Proprietary Standards
• Other - specify
• Not applicable

Process Standards Considered

• AODA
• ETSI EN 301 549 
• HIPAA 
• GSA Section 50
• ISO/IEC 27001
• ISO/IEC 27018
• ISO 30107-3
• ISO 90001
• NIST 800-63
• SOC 2 Type 1
• SOC 2 Type 2
• WCAG
• WCAG 2.0 (ISO/IEC40500)
• WCAG 2.1
• Other - specify
• not applicable

Accreditations and Certifications

• AODA tested
• FIDO® Certified
• ETSI EN 301 549 
• GIAC GSNA
• GSA Section 508
• HIPAA self-attest
• Institute of Internal Auditors, Certified Internal Auditor
• ISACA CISA
• ISO/IEC 27001 ISMS
• ISO/IEC 27001 ISMS Lead Auditor
• ISO/IEC 27018
• ISO 30107-3
• ISO 90001
• IRCA ISMS Auditor
• NIST 800-63
• OpentID Certified
• SOC 2 Type 1
• SOC 2 Type 2
• WCAG
• WCAG 2.0 (ISO/IEC40500)
• WCAG 2.1
• Other - specify
• Not applicable

Pan-Canadian Trust Framework (PCTF)

Jurisdictional Privacy Law Compliance

• Canada
• Asia Pacific
• Indo Pacific
• Europe
• North America
• South America