ISO 5009 – Identifying organisational roles
ISO, or the International Standards Organization, is an independent body that provides standards. The standard is meant to define the quality, safety, and efficiency of the products or services provided by a business.
In 2022, the organisation developed a new standard, ISO 5009, to recognise official organisational roles in a business entity with digital IDs, which can authenticate the identity of authorised representatives for meeting the KYC and related regulatory requirements of business transactions.
The Global Legal Entity Identifier Foundation (GLEIF) first proposed the idea of ISO 5009, intending to bring clarity and structure to the information in the two LEI-based digital tools.
The standard, ISO 5009, is used to verify the identity and position of individuals representing an organisation (like a business or company) and is intended for inclusion in current and future digital assets. This will be achieved through the global uniformity of two digital assets under the Legal Entity Identifier (LEI) digital ID umbrella: verified LEI (vLEI) and digital certificates embedded with LEIs.
An LEI is a 20-character, alpha-numerical code based on ISO 17442 that links to reference information that identifies legal entities participating in financial transactions. It is a universal identifier that answers the entity’s ownership structure, ‘who is who’ and ‘who owns whom.’
Since an individual cannot obtain an LEI, the vLEI can fill in some gaps. When an entity receives a vLEI, ISO 5009 can issue credentials to authorised members of the organisation, which covers the LEI, the individual’s name, and official organisational roles. ISO 5009 will specify the optional role extension contained in an X.509 public-key certificate (a digital certificate used in many internet protocols) with embedded LEIs as outlined in ISO 17442 for digital certificates embedded with LEIs.
ISO says the 5009 standards can be used as an effective and universal way to authenticate people who act on behalf of organisations. This includes signing documents that need verification with absolute certainty, such as sensitive business deals, company agreements, etc.