Audit of compliance of identification measures (initial and periodic)

Obserwatorium biz » Financial sector

An audit of compliance of electronic identification measures is an independent, expert assessment of an electronic identification system in terms of its compliance with legal, organizational, and technical requirements specified for a medium level of security, in accordance with EU and national regulations. The purpose of the audit is to confirm the compliance of the electronic identification system operating within an organization (e.g., a bank or financial institution) with the provisions issued on the basis of Article 8(3) of the eIDAS Regulation (910/2014). It also identifies any areas that need improvement before the service is launched or during its cyclical operation.

The audit may be:  

  • initial– carried out before the launch of the electronic identification service,  
  • cyclical – carried out periodically to confirm that the system remains compliant.  

Table of contents: 

Who is this offer for?  

The audit offer is addressed to banks, financial institutions, and public and private entities that implement or develop electronic identification systems. In particular, we target organizations that integrate with MojeID, Profil Zaufany, or the national node, as well as trust service providers who need to confirm that their solutions comply with eIDAS requirements and national regulations.  

How do we work within the audit?  

The compliance audit includes a comprehensive verification of the organizational and technical mechanisms of a planned or already operating electronic identification management service, which is implemented in www and mobile channels.

Legal basis for the audit   

We conduct the audit based on current regulations, in particular:

  • eIDAS Regulation (910/2014) – Article 8 (security levels),
  • Implementing Regulation 2015/1502 – requirements for security levels,
  • Act on Trust Services and Electronic Identification (including the national node),
  • Act on the mObywatel application.  

Substantive scope of the audit  

The audit includes, among other things:  

  • analytical work based on the documentation provided,  
  • analysis of the electronic identification system implemented or operating as part of the MojeID / Trusted Profile integration,  
  • definition of the electronic identification measure,  
  • determination of its scope of operation.  

At the end of the project, we prepare a comprehensive audit report that includes:

  • an assessment of compliance with the requirements of Regulation 2015/1502,
  • a detailed description of the actual state of affairs in the areas examined,
  • recommendations for corrective or improvement measures, if required,
  • an extract from the audit report – a summary required by the Ministry of Digital Affairs as a separate audit product.    

Benefits of conducting an audit  

An audit provides not only formal confirmation of compliance, but also practical guidance that supports the secure and compliant operation of an electronic identification service.  

Conducting an audit of the compliance of electronic identification measures allows you to:  

  • meet the requirements of regulators and supervisory authorities,  
  • minimize legal, operational, and reputational risks,  
  • prepare your organization for the launch or development of eID services,  
  • increase the security level of user registration and authentication processes,  
  • obtain independent, expert confirmation of compliance,  
  • organize documentation and organizational processes,  
  • support dialogue with public administration and supervisory institutions.  

Please contact our representative directly – we will be happy to discuss the scope of the audit and possible forms of support tailored to your individual needs.

Our clients     

The competence of our team has been recognized by many companies and institutions operating on the Polish and foreign markets in recent years.These include leading Polish banks, other financial institutions, public administration bodies, and Polish and foreign trust service providers.  

About Obserwatorium.biz 

We are a team of experts with extensive experience in managing technological and business projects. In our consulting activities, we focus on a universal approach to issues related to digital identity and trust services, such as electronic signatures, e-delivery, and electronic attestations of attributes. When implementing projects, we take into account the technological, standardization, and business aspects, as well as the user’s perspective. Our main clients are trust services and digital identity solution prviders, financial institutions and public administration.

Our mission is to inspire and share our expertise with our clients. We want to support them in building and applying digital identity solutions and trust services. We believe that by doing so, we are contributing to making the world a safer and more connected place.

Would you like to receive an offer? Fill out the form: