What is DIATF / Digital Verification Services (DVS)?

The UK Digital Identity and Attributes Trust Framework (DIATF) is the government's certification scheme for organisations that provide or rely upon digital identity verification. Organisations that achieve certification are listed on the official Digital Verification Services (DVS) register; a signal to customers, partners, and regulators that their identity processes meet a rigorous, independently audited standard. For sectors such as financial services, recruitment, property, and professional services, where right-to-work, anti-money laundering, and know-your-customer checks are daily business, DVS certification is rapidly moving from competitive differentiator to baseline expectation. Inform-ISO guides organisations through the full certification journey: from readiness assessment and gap analysis, through policy and process alignment, to audit preparation and submission. Whether you are building a digital identity product or embedding compliant verification into your existing workflows, we provide the structured, expert support to get you on the register, and keep you there.

Internal Auditing Services

— ISO framework specialists —

Risk Management Support Services

Transforming Risk into Resilience

‍At Inform-ISO Limited, we specialise in delivering robust, practical, and tailored risk management support aligned with ISO27001:2022.

Our approach ensures your organisation not only meets certification requirements but builds a resilient information security posture that protectsyour most valuable assets.

‍Our Step-by-Step Risk Management Process

‍We guide organisations through a structured and repeatable risk management process, starting with the foundation of a comprehensive Information Asset Register (IAR). Every asset, whether digital, physical, or human, is assessed for its role in your information ecosystem.

Asset Identification and Classification

‍We begin by helping you build or refine your Information Asset Register.

This includes:
Identifying all information assets (e.g., databases,applications, devices, personnel, suppliers). Classifying assets by confidentiality, integrity, andavailability (CIA) requirements. Mapping asset ownership and dependencies.

Risk Assessment

‍Each asset is then assessed using our proven methodology:·
Threat Identification: We identify potential threats(e.g., cyberattacks, insider threats, environmental risks). Vulnerability Analysis: We evaluate how susceptible each asset is to those threats. Impact and Likelihood Scoring: Risks are scored based on their potential impact and likelihood, using either qualitative or quantitative models tailored to your organisation.

— our approach —

Our Approach

Risk Analysis

‍We analyse the risks associated with each asset to determine which risks are acceptable based on your organisation’s risk appetite. Which risks require treatment. How risks interrelate across departments and systems. This analysis is documented in a Risk Register, which becomes a living tool for decision-making and continuous improvement.

Risk Treatment

‍In line with ISO 27001:2022 Clause 6.1.3, we support you in selecting and implementing appropriate risk treatment options.
‍
Avoidance: Removing the risk source.·
Mitigation: Applying controls to reduce likelihood or impact.·
Transfer: Outsourcing or insuring against the risk.·
Acceptance: Acknowledging the risk when it falls within tolerance.

We align treatments with Annex Acontrols and your Statement of Applicability (SoA), ensuring traceabilityand audit readiness.

Monitoring and Review

Risk management is not a one-time exercise. We help you:
‍
Establish monitoring mechanisms.·
Conduct regular reviews and updates.
Integrate risk management into your ISMS lifecycle and internal audit programme.

Coming Soon
Automated Risk Management

Book a Free Consultation

A line curve with growing light blue dots

Risk Management Support Services

Our Approach

Coming SoonAutomated Risk Management

Coming Soon
Automated Risk Management