Laboratory Accreditation Process

The full accreditation process and requirements for laboratories is defined in the Biometric Laboratory Accreditation Policy.

The following list provides a high level overview over the accreditation procedure.

  1. As a first step, the candidate lab shall review the FIDO Security Biometric Accreditation Policy and ensure to meet the minimum third-party accreditation requirements (below).
  2. Then, the candidate laboratory may complete the FIDO Accreditation Application Form and submit it to FIDO Alliance’s biometric secretariat.
  3. If the application is approved, an on-boarding call with the biometric certification secretariat will be scheduled
  4. The next step is the core of the accreditation process. FIDO Alliance’s biometric certification secretariat will review the application form submitted by the candidate laboratory and work together with the representative of the laboratory to make sure that the laboratory fulfills all technical and legal requirements.
  5. Eventually, a dedicated training is scheduled with the laboratory. All dedicated biometric testers shall attend the training and have to pass an exam.
  6. The last step of the accreditation process concerns the organizational aspects to set up the laboratory with FIDO Alliance. The laboratory has to pay their accreditation fees and create a FIDO account for approved evaluators.

The following sections provide more information about the requirements that a biometric laboratory has to meet.

Biometric Laboratory Accreditation Requirements

FIDO Alliance’s criteria for biometric laboratories has been developed in a way that facilitates the re-use of pre-existing accreditations.

The requirements for biometric laboratories can be split into: a) general requirements for laboratories (based on ISO/IEC 17025); and, b) requirements on the technical competence of the laboratory.

General requirements

As a baseline, compliance to ISO/IEC 17025 is a prerequisite for all laboratories and can be shown through a third-party accreditation. If no existing accreditation can be used to show the adherence of the laboratory to this baseline standard, the laboratory may decide to either undergo accreditation with its national accreditation body or may also decide to show adherence to the criteria directly to FIDO Alliance in the course of the accreditation process.

Requirements on technical competence

In addition to the requirements from ISO/IEC 17025, the laboratory must show its technical competence in the area of biometric performance testing and PAD testing.

From a technical standpoint, this means that the laboratory shall be able to perform testing in compliance with the following ISO/IEC programs.

ScopeProgramArea of Accreditation
ISO/IEC 19795-1:2006 (ISOIEC-19795-1)Information TechnologyBiometric performance testing and reporting-Part 1: Principles and framework
ISO 30107:2007Information TechnologyBiometric presentation attack detection — Part 3: Testing and reporting

Competence to test according to the aforementioned standards can either be shown to FIDO in the course of the accreditation or be proven by re-using existing accreditations.

Accreditations from the following programs can be used as evidence:

ProgramAccreditationScopeURL
NIST NVLAPBiometric Testing30/BTA Biometrics Testing and Analysis30/ST Scenario Testing – Human Crew (Laboratory)30/SLT System Level Testing (Enrollment/Verification)30/CPST Conformance to Performance Specifications Testinghttps://www.nist.gov/nvlap/biometrics-testing-lap
Common CriteriaCommon Criteria Licensed LabMust meet evaluated an implementation against one of the Protection Profiles listed in the table below.https://www.commoncriteriaportal.org/labs/

In order for a Laboratory to claim Common Criteria (CC) Accreditation as evidence for the Accreditation Application the Laboratory must have performed an evaluation against at least one of the following Protection Profiles, OR provide evidence of using [CAFVM] or [BEAT]. The reason for this additional requirement lays in the fact that the Common Criteria is a very generic standard and a pure accreditation according to Common Criteria does not show any biometric competence of the candidate laboratory.

Common Criteria Protection Profiles:

Protection ProfileVersion/DateCC VersionURL
Biometric Verification  Mechanisms Protection Profile1.3: 7 August 20083.1 Revision 2https://www.commoncriteriaportal.org/files/ppfiles/pp0043b.pdf
Fingerprint Spoof
Detection Protection Profile
1.7: 27 November 20093.1 Revision 2https://www.commoncriteriaportal.org/files/ppfiles/pp0062b_pdf.pdf
Fingerprint Spoof Detection Protection Profile1.8: 25 January 20103.1 Revision 3https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/PP/aktuell/PP_0063.html

Laboratory Accreditation Fees

The following fees apply to Laboratory Accreditation:

Fee TypeMemberNon-Member
Initial Accreditation Fee*$11,500 USD$15,000 USD
Yearly Fee^$3,800 USD$5,000 USD
Renewal Assessment Fee$11,500 USD$15,000 USD

Initial Accreditation Fee

The Initial Accreditation Fee is due prior to the issuance of the Laboratory Accreditation Certificate.

Yearly Fee

The yearly fee will be due yearly on the Certificate Issuance date. The Yearly Fee does not apply on years where there is a Renewal Assessment Fee.

Renewal Assessment Fee

The Renewal Assessment fee will be due every three years from the Certificate Issuance date. Laboratories are required to complete the Renewal Assessment process prior to the expiration of their Certificate.

*FIDO Alliance has special pricing for labs that are seeking, or wishing to add, more than one type of lab accreditation (i.e. biomtetric and security). Please contact certification@fidoalliance.org for this special pricing.


Implementer Dashboard

Implementers can Login to view their Dashboard.