UNIFY Solutions was recently engaged by a New Zealand government agency that is responsible for providing services to both New Zealander citizens and visitors to New Zealand. To support its future strategy, the agency plans to deliver secure online services to its broad range of customers through its proposed digital channel.
The agency recognised that Citizen Identity and Access Management capabilities are critical to the protection of customer privacy and the delivery of secure services. In partnership with Axenic(providing information security, privacy and risk consulting), UNIFY (providing the Citizen Identity and Access management) was engaged to develop a customer IAM framework to establish guidelines, components and functional capabilities of the IAM Service that will underpin all digital channel services.
The resulting Framework incorporated:
- A risk-based model that defined a risk and privacy impact assessment approach to the design and implementation of all online services;
- Support for the broad range of customers that included clients, employer organisations, service providers and other vendors and community groups;
- An identity registration model for each Customer segment and the range of identity types/roles within each segment incorporating Evidence of Identity and Evidence of Relationship mechanisms;
- Authentication services provided by external providers such as RealMe;
- Authorisation model that is aligned to customer roles to manage the access entitlements of each identity;
- Support for a single identity record for an individual who has multiple roles as well as supporting multiple identity records for an individual;
- Audit logging, reporting and analysis services; and overarching governance and monitoring processes.
This successful engagement highlights the value UNIFY brings to its customers, and also the specialist offerings UNIFY can provide in coordination with our partners such as Axenic.
About Axenic
Axenic was founded in 2009, with the idea was simple: provide high-quality information security and privacy advice to help and support clients to achieve their business goals and objectives.
Using recognised frameworks, standards and methodologies to deliver consistent, repeatable, traceable and defendable advice - rather than unspecified “best practice” or unsupported opinions. Delivered by experts with extensive real world experience across both the public and private sectors.
Learn more about Axenic on their website.