ISO/IEC 29115 · Entity Authentication Assurance · Evidence & Implementation Kit
Build authentication assurance to ISO 29115, without designing the levels-of-assurance model yourself.
Every ISO 29115 element handed to you as an adopt-ready control, from selecting a level of assurance from risk through enrolment, credential management and the authentication phase, with the evidence an assessor examines.
Assurance-ready in a weekend, not a quarter.
Here is the honest situation. ISO/IEC 29115 is the international framework for entity authentication assurance: four levels of assurance selected from risk, and a lifecycle of enrolment, identity proofing, credential management and authentication, with the rigour scaling to the level. It is the model behind many national identity schemes. Turning it into a documented assurance program, with proofing procedures, credential controls and the evidence, is real work, and a level of assurance that does not match the risk is the first thing an assessor challenges.
This Kit removes that design. It is every ISO 29115 element written as an adopt-ready control you personalize in a weekend, with the evidence an assessor examines.
What you get, the moment you buy
31
Elements as adopt-ready controls. Every ISO 29115 element, from level-of-assurance selection through enrolment, identity proofing, credential management and authentication, written so you personalize and apply it, with rigour scaling to the level.
31
Evidence-they-examine checklists. For each control, exactly what an assessor examines, plus the finding they most often raise, so you close it before the review.
1
Authentication Assurance Control Matrix, pre-built. Every control in a working spreadsheet, ready to record status and evidence location across the identity lifecycle.
1
Gap & Readiness Assessment. Score each control and the workbook returns your readiness as a single percentage, and exactly what to fix next.
Grounded in the ISO/IEC 29115 entity authentication assurance framework, with the four levels of assurance and the enrolment, credential and authentication phases called out. Editable Word and Excel files.
The level of assurance must match the risk
The spine of ISO 29115 is selecting a level of assurance from the assessed risk, then scaling proofing, credential strength and authentication to it. This Kit builds that selection and the phase controls, so the assurance you claim is the assurance you can actually evidence.
What one control looks like
This is the definition and selection of the levels of assurance, where the whole framework begins. All 31 are built to this depth.
EAA-1 Level of assurance definitions and adoption ASSURANCE LEVELS
Implement this control
[Organization] shall formally adopt the four levels of entity authentication assurance, defining LoA1 as little or no confidence, LoA2 as some confidence, LoA3 as high confidence, and LoA4 as very high confidence in a claimed identity, and shall document how each level maps to its own transactions, services, and credential types so that every party interprets assurance consistently.
Practitioner note.
The four levels are ordinal; each higher level assumes all controls of the levels beneath it.
Evidence an assessor examines
- Assurance policy document defining LoA1 through LoA4
- Mapping table linking each service or transaction to a required LoA
- Records of relying-party agreement to the assurance definitions
- Version history showing review and approval of the definitions
Common finding they raise: Assurance levels are referenced informally but not defined in policy, so different teams interpret "high assurance" differently.
Why this is not another template pack
- The evidence is the point. An assurance claim you cannot evidence is a liability. This tells you exactly what an assessor examines and the finding they raise, for every control.
- Risk-driven, like the framework. The level of assurance is selected from risk and scales every downstream control, exactly as ISO 29115 intends, not a flat checklist.
- Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
- It compounds. ISO 29115 aligns with NIST 800-63 digital identity guidance, so this work feeds a broader identity assurance program.
Who buys this
Identity providers, digital service operators, and the security and identity leads who own authentication assurance, plus consultants building an identity scheme. Whether it is a first assurance program or an audit, you save weeks and walk in with the levels and lifecycle controls ready.
By the end of the weekend you will have
✓ An adopt-ready control for all 31 elements
✓ A completed authentication assurance control matrix
✓ The evidence an assessor examines
✓ Your levels of assurance selected from risk
✓ A readiness percentage and a fix list
✓ The common findings closed before review
Common questions
Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.
What are levels of assurance? Four levels, from low to very high, selected from the risk of getting authentication wrong. Each scales the proofing, credential and authentication controls, and this Kit builds that.
How does it relate to NIST 800-63? ISO 29115 aligns closely with the NIST digital identity guidelines, so the controls carry across if you also work to 800-63.
Does it cover credential management? Yes. The full credential lifecycle, creation, issuance, storage, revocation and renewal, is its own control group.
What if it is not for me? A 30-day money-back guarantee.
Do not design an assurance framework from scratch.
Every ISO 29115 element is fast to adopt with the Kit. It is instant, and it is guaranteed.
Add it to your cart and build authentication assurance this weekend.
Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com