ISO 5009 – Identifying organizational roles
ISO, or the International Standards Organization, is an independent body that provides standards. The standard is meant to define the quality, safety, and efficiency of the products or services provided by a business.
In 2022 the organization came out with a new standard, ISO 5009: to recognize official organizational roles in a business entity with digital IDs, which can be used to authenticate the identity of authorized representatives for meeting the KYC and related regulatory requirements of business transactions.
The Global Legal Entity Identifier Foundation (GLEIF) first proposed the idea of ISO 5009 to bring clarity and structure to the information held in the two LEI-based digital tools.
The standard, ISO 5009, is used to verify the identity and position of individuals representing an organization (like a business or company) and is intended for inclusion in current and future digital assets. This will be achieved through the global uniformity of two digital assets under the Legal Entity Identifier (LEI) digital ID umbrella: verified LEI (vLEI) and digital certificates embedded with LEIs.
An LEI is a 20-character, alpha-numerical code based on ISO 17442 that links to reference information that identifies legal entities participating in financial transactions. It is a universal identifier that answers the entity’s ownership structure, ‘who is who’ and ‘who owns whom.’
Since an individual cannot obtain an LEI, the vLEI can fill in some gaps. When an entity receives a vLEI, ISO 5009 can issue credentials to authorized members of the organization, which covers the LEI, the individual’s name, and official organizational roles. ISO 5009 will specify the optional role extension contained in an X.509 public-key certificate (a digital certificate used in many internet protocols) with embedded LEIs as outlined in ISO 17442 for digital certificates embedded with LEIs.
ISO says the 5009 standards can be used as an effective and universal way to authenticate people who act on behalf of organizations. This includes signing documents that need verification with absolute certainty, such as sensitive business deals, company agreements, etc.