What is Assurance Level?
Assurance Level is a term to describe the degree of confidence in the registration and authentication processes. Below are their detailed descriptions:
| Definition | Example | |
|---|---|---|
 | No or little confidence in the asserted identity's validity. This assurance level is only sufficient when there will be NO (or MINIMAL) risk for a compromise. The authentication mechanism can provide some assurance that the same user is accessing the service, transaction or data. | A customer presents a self-registered user ID that allows him/her to create a personalized homepage or receive e-newsletter. A third party gaining unauthorised access to the ID might infer information about the personal preference, but such risks are generally very minimal. |
 | Moderate confidence in the asserted identity's validity. This assurance level is sufficient when a compromise will have LOW risk. | Authentication is required for a customer to check the processing status of a transaction. The associated risks are not high if the application does not disclose sensitive information. |
 | High confidence in the asserted identity's validity. This assurance level is sufficient when a compromise will lead to MODERATE risk. | Remote access to medical records of a patient or a financial account that involves sensitive personal information. |
 | Very high confidence in the asserted identity's validity. This assurance level is required when a compromise will lead to HIGH risk. | Unauthorised access could lead to compromised investigations or hindrance to the detection of criminal violations. |
|