Laboratory Accreditation Process
The full accreditation process and requirements for laboratories is defined in the Biometric Laboratory Accreditation Policy.
The following list provides a high level overview over the accreditation procedure.
- As a first step, the candidate lab shall review the FIDO Security Biometric Accreditation Policy and ensure to meet the minimum third-party accreditation requirements (below).
- Then, the candidate laboratory may complete the FIDO Accreditation Application Form and submit it to FIDO Alliance’s biometric secretariat.
- If the application is approved, an on-boarding call with the biometric certification secretariat will be scheduled
- The next step is the core of the accreditation process. FIDO Alliance’s biometric certification secretariat will review the application form submitted by the candidate laboratory and work together with the representative of the laboratory to make sure that the laboratory fulfills all technical and legal requirements.
- Eventually, a dedicated training is scheduled with the laboratory. All dedicated biometric testers shall attend the training and have to pass an exam.
- The last step of the accreditation process concerns the organizational aspects to set up the laboratory with FIDO Alliance. The laboratory has to pay their accreditation fees and create a FIDO account for approved evaluators.
The following sections provide more information about the requirements that a biometric laboratory has to meet.
Biometric Laboratory Accreditation Requirements
FIDO Alliance’s criteria for biometric laboratories has been developed in a way that facilitates the re-use of pre-existing accreditations.
The requirements for biometric laboratories can be split into: a) general requirements for laboratories (based on ISO/IEC 17025); and, b) requirements on the technical competence of the laboratory.
As a baseline, compliance to ISO/IEC 17025 is a prerequisite for all laboratories and can be shown through a third-party accreditation. If no existing accreditation can be used to show the adherence of the laboratory to this baseline standard, the laboratory may decide to either undergo accreditation with its national accreditation body or may also decide to show adherence to the criteria directly to FIDO Alliance in the course of the accreditation process.
Requirements on technical competence
In addition to the requirements from ISO/IEC 17025, the laboratory must show its technical competence in the area of biometric performance testing and PAD testing.
From a technical standpoint, this means that the laboratory shall be able to perform testing in compliance with the following ISO/IEC programs.
|Area of Accreditation
|ISO/IEC 19795-1:2006 (ISOIEC-19795-1)
|Biometric performance testing and reporting-Part 1: Principles and framework
|Biometric presentation attack detection — Part 3: Testing and reporting
Competence to test according to the aforementioned standards can either be shown to FIDO in the course of the accreditation or be proven by re-using existing accreditations.
Accreditations from the following programs can be used as evidence:
|30/BTA Biometrics Testing and Analysis30/ST Scenario Testing – Human Crew (Laboratory)30/SLT System Level Testing (Enrollment/Verification)30/CPST Conformance to Performance Specifications Testing
|Common Criteria Licensed Lab
|Must meet evaluated an implementation against one of the Protection Profiles listed in the table below.
In order for a Laboratory to claim Common Criteria (CC) Accreditation as evidence for the Accreditation Application the Laboratory must have performed an evaluation against at least one of the following Protection Profiles, OR provide evidence of using [CAFVM] or [BEAT]. The reason for this additional requirement lays in the fact that the Common Criteria is a very generic standard and a pure accreditation according to Common Criteria does not show any biometric competence of the candidate laboratory.
Common Criteria Protection Profiles:
|Biometric Verification Mechanisms Protection Profile
|1.3: 7 August 2008
|3.1 Revision 2
Detection Protection Profile
|1.7: 27 November 2009
|3.1 Revision 2
|Fingerprint Spoof Detection Protection Profile
|1.8: 25 January 2010
|3.1 Revision 3
Laboratory Accreditation Fees
The following fees apply to Laboratory Accreditation:
|Initial Accreditation Fee*
|Renewal Assessment Fee
Initial Accreditation Fee
The Initial Accreditation Fee is due prior to the issuance of the Laboratory Accreditation Certificate.
The yearly fee will be due yearly on the Certificate Issuance date. The Yearly Fee does not apply on years where there is a Renewal Assessment Fee.
Renewal Assessment Fee
The Renewal Assessment fee will be due every three years from the Certificate Issuance date. Laboratories are required to complete the Renewal Assessment process prior to the expiration of their Certificate.
*FIDO Alliance has special pricing for labs that are seeking, or wishing to add, more than one type of lab accreditation (i.e. biomtetric and security). Please contact email@example.com for this special pricing.
Implementers can Login to view their Dashboard.