Good morning everyone, Following our initial discussions with Carol and Kay, we wanted to provide an update on the evolving structure of the trust mark program and the key areas requiring focused attention. NEW PROGRAM ORGANIZATION Kantara has determined that a Certification Board will be established to oversee the structure, policies, and governance of the certification process. This board will be a new addition to the US Program and will be responsible for defining and maintaining the assessment criteria used in evaluations, ensuring alignment with accreditation requirements while maintaining the integrity and independence of the program. Separately, the Assurance Review Board (ARB) will continue to be responsible for evaluating applications and making certification determinations.   A Stakeholder Group will provide a forum for industry engagement, program feedback, and broader ecosystem needs. While IAWG may continue in this capacity, its role will evolve as new structures are established. SEPARATING REQUIREMENTS FROM ASSESSMENT CRITERIA In addition to these structural changes, a significant body of work will be the separation of requirements from assessment criteria, which will provide a structured foundation for evaluation. While current certifications align with NIST guidance, that framework was not designed as a structured set of certifiable requirements. For example, the NIST guidelines do not number individual requirements, making citation difficult and creating ambiguity when referencing specific provisions. Without clear identifiers, it becomes challenging to ensure consistency across implementations. Additionally, NIST does not explicitly assign responsibilities when multiple providers are involved in an identity proofing or authentication process. A provider may use one vendor for credential analysis, another for database checks, and a third for trusted referees. However, NIST does not clarify which requirements must be met by the primary provider versus their service providers, making compliance determinations unclear. Finally, much of the NIST language is written as guidance rather than strict requirements. While this flexibility is valuable in many contexts, certification requires well-defined, testable criteria to ensure consistent evaluations. To create a scalable and certifiable model, there is a need to define structured requirements, which the Certification Board will then use to develop assessment criteria. This distinction is critical to ensuring consistency, transparency, and adaptability in certification. ADDRESSING CURRENT WORK In response to concerns raised about the current work, IAWG will continue maintaining and managing the existing SAC. We recognize that there are outstanding items that must be addressed promptly, and we are committed to ensuring that necessary updates and clarifications are made as this transition progresses. NEXT STEPS We are working to define how best to organize the effort to develop requirements and are seeking input from those interested in contributing to this work. If you’d like to be involved, please let us know. To continue this discussion, I am calling the next meeting for Thursday, March 13. We will outline the approach, discuss opportunities for engagement, and address any outstanding questions. Yehoshua -- Yehoshua Silberstein | Senior Counsel, Product Compliance R&D yehoshua@proof.com (857) 577-8144 Notarize is now a Proof brand 🎉 We hope you love our new look and feel as much as we do! NOTICE: This email may contain proprietary, business-confidential, and/or privileged material. If you are not the intended recipient, please delete this message and notify the sender immediately. Any unauthorized use is strictly prohibited. This email does not constitute a signed writing for purposes of a binding contract.