Compliance & Standards

Our platform is built on Microsoft Azure and aligns with AAMVA guidance for DL/ID style credentials.
Below is a concise overview of the frameworks and standards we rely on.

See Platform Features
Microsoft Azure

Azure Trust & Compliance (Highlights)

All ID PaaS services run on Azure. Azure maintains third party attestations and certifications across numerous global and sector standards. Here are key highlights our customers care about most.

ISO/IEC 27001

Information Security Management System (ISMS). Azure’s certification underpins secure operations, controls, and continuous improvement.

Azure

SOC 2 Type II

Independent audit of security, availability, confidentiality, and related controls across Azure services.

Azure

ISO/IEC 27701

Privacy Information Management extension to ISO 27001, supports robust governance of personal data.

Azure

ISO/IEC 27018

Public cloud controls for protecting personally identifiable information (PII) in cloud environments.

Azure

FedRAMP (U.S.)

Azure offerings include FedRAMP authorizations used by U.S. public sector workloads (program and boundary dependent).

Azure

CJIS

Azure supports law enforcement workloads via CJIS aligned controls and agreements (jurisdiction dependent).

Azure

HIPAA/HITECH

Azure enters into BAAs and provides guidance for handling ePHI on the platform when configured appropriately.

Azure

PCI DSS

Azure provides PCI DSS validated services used to build cardholder data environments when required.

Azure

GDPR & CCPA

Azure provides tools, DPAs, and features to help controllers/processors meet privacy obligations.

Azure

Important: These certifications/attestations are held by Microsoft for Azure services. Your program’s compliance depends on configuration and shared responsibility controls across Azure, ID PaaS, and your organization. Formal evidence can be provided upon request.

AAMVA

AAMVA DL/ID Standards Alignment

For jurisdictions and programs that model U.S. driver license/ID credentials, we implement features aligned to AAMVA guidance.

DL/ID Card Design Standard

Layout and data element guidance (portrait placement, mandatory/optional fields) for interoperable, verifiable cards.

AAMVA

Security Framework

Best practice physical security features (e.g., OVDs, microtext, UV) and supplier guidance to deter fraud and tampering.

AAMVA

Note: AAMVA does not “certify” products. We implement card designs and data structures consistent with published AAMVA guidance and specific program requirements.

Shared Responsibility

Azure provides certified infrastructure; ID PaaS secures the platform and production workflow; your agency defines issuance policies and approvals.

  • Cloud: datacenters, networking, physical security
  • Platform: access control, logging, encryption, fulfillment
  • Program: authorizers, data retention, policy enforcement