ISO 5009 – Identifying organizational roles
ISO or the International Standards Organization is an independent body that provides standards. The standard is meant to define the quality, safety, and efficiency of the products or services provided by a business.
In 2022 the organization came out with a new standard ISO 5009: to recognize official organizational roles in a business entity with digital IDs, which can be used to authenticate the identity of authorized representatives for meeting the KYC and related regulatory requirements of business transactions.
The Global Legal Entity Identifier Foundation (GLEIF) first proposed the idea of ISO 5009 with the aim to bring clarity and structure to the information held in the two LEI-based digital tools.
The standard, ISO 5009, is used to verify the identity and position of individuals who represent an organization (like a business or company) and is intended for inclusion in current and future digital assets. This will be achieved through global uniformity of two kinds of digital assets under the Legal Entity Identifier (LEI) digital ID umbrella: verified LEI (vLEI) and digital certificates embedded with LEIs.
An LEI is a 20-character, alpha-numerical code based on ISO 17442 that links to reference information that identifies legal entities participating in financial transactions. It is a universal identifier that provides answers about the entity’s ownership structure, “who is who” and “who owns whom”.
Since an individual cannot obtain an LEI, the vLEI will be able to fill in some gaps. The moment an entity receives a vLEI, ISO 5009 can issue credentials to authorized members of the organization which cover the LEI, the individual’s name, and official organizational roles. ISO 5009 will specify the optional role extension contained in an X.509 public-key certificate (a digital certificate used in many internet protocols) with embedded LEIs as outlined in ISO 17442 for digital certificates embedded with LEIs.
ISO says the 5009 standard can be used as an effective and universal way to authenticate people who act on behalf of organizations. This includes signing documents that need verification with absolute certainty, such as sensitive business deals, agreements between companies, etc.