Guideline 37. Mobile device-based user identification

The institution establishes a legally valid, efficient and secure means of maintaining an association between a user and a mobile device when a transaction is performed.

Such user identification will be required for several intermediate and advanced services.

Guideline code
ICT_04700
Mechanism
  • The ICT and business units should draw up a list of the services in which to utilize user identification methods, based on the range of mobile devices in use.
  • The ICT unit should develop the technical design for the user identification mechanism based on institutional technical standards and the operational framework, and coordinate its implementation.
  • The management should ensure technical and operational coordination with telecommunications companies within the framework of existing agreements; this includes defining the necessary protocols for access to user identification data so as to associate such data with that held by the institution.
  • The management, with the assistance of specialized units, should organize security audits so as to guarantee compliance with policies on the protection of personal data.
  • The management should ensure the necessary human resources training, service disclosure and follow-up on service quality, which are crucial elements for success, in accordance with the operational framework.
Structure
  • The management should establish the relevance and priority for the institution of utilizing mobile device-based user identification methods.
  • The management should entrust to the ICT unit or another specialized unit the selection of services likely to utilize device-based identification.
  • The management should review and, as appropriate, update institutional definitions of valid forms of user identification, establishing policies and rules for their coexistence.
  • The management should establish policy on the privacy of information stored for identification purposes, based on current legislation.
  • The management should conclude the necessary agreements with telecommunications companies for the maintenance of the various forms of identification.
  • The implementation of mobile-based identification mechanisms should proceed in accordance with the operational framework, in particular by conforming with the technological standards.