BS ISO IEC 30124:2015 pdf free download – Code of practice for the implementation of a biometricsystem
6.1 About recognition systems
Recognition of people goes back a long way using non-automated means, either through familiarity or throughthe use of documents. Large scale automated recognition of people has only become possible since theinvention of the computer. This advance has created efficient and convenient applications that were notpreviously possible.
A recognition system includes the management and processes to support the recognition of people as well asthe actual recognition mechanism.The mechanism could be a biometric system, a password or PlN system, atoken system or a combination of systems. It is important for the recognition systems to perform verification ofthe individual’s lD before being added to a recognition system A recognition system is normally part of a broader application, such as a time and attendance system.Theapplication will also have its own associated management and processes.
The collective management and processes of the biometric system, recognition system and the applicationwill in practice not have clear demarcation and can often consist of the same personnel and be described inthe same supporting documentation.
The relationship between a biometric system and a recognition system for a given application is shown inFigure 1.
6.1.A biometric system, in comparing biometric features, does not actually identify individuals. Any perception ofidentity is only ever obtained by reference to some earlier registration and enrolment process where non-biometric data are collected and linked to the biometric data. it is therefore more accurate to use the termbiometric recognition rather than identification and for that reason this Standard will use recognition as thepreferred term.
Biometric recognition differs from other recognition methods such as smart cards, photo lD, PINs, passwordsor memorable information (e.g. birth date or mother’s maiden name). lt uses biometric characteristics that arestrongly linked to the individual being recognized(the “subject”, e.g. customers accessing a service,employees gaining access to a building and people obtaining lunches in a canteen).This provides a higherlevel of confidence in the person making the claim, provided that systems are wel-designed, implementedcorrectly and operated in a secure way.Subject to such provisos, a biometric recognition service can operateremotely from the individual, making it more convenient, and not revealing any other personal details.Remoteoperation (example use of face recognition cameras for access control) can have privacy implications.Adequate signage should be provided and may be required by law.
These factors are included because they are either specific to a biometric system or important in addressingthe ethical concerns raised when introducing such a system.Note that some factors, such as cost and projectrisk, are not discussed in detail in this code of practice as they are general considerations that could equallyapply to the implementation of any technology.
Whilst these factors are listed separately for convenience, they are interdependent and, as such, cannot beconsidered in isolation. Therefore， planning for the implementation of a biometric system is a process ofselection and trade-off, with trade-of decisions being made on the basis of finding the right balance betweenall these factors through an iterative process.
In addition, proper consideration of all these factors, without prior engagement with stakeholders could resultin the selection of a biometric system that fails to deliver the results for which it is intended.Therefore,stakeholder engagement is highlighted here as an important factor to be considered at an early stage inplanning for implementation.Stakeholders, including potential biometric data subjects, should be engaged atan early stage when preparing for the use of a biometric system in order to communicate the reasons for itsuse and to identify and address any concerns, particularly in relation to privacy and data protection.
The success of a biometric system is critically dependant upon the extent to which users want it to succeed,and in this regard is probably more vulnerable to adverse perceptions than most types of technology. “Users”in this context includes not only the subjects whose biometric characteristics will be used, but also attendants,administrators,supervisors and those who have to maintain the biometric system.