NSL Services Ltd

NSL Valid8 - Identity and Right to Work checking

NSL Valid8 enables users to authenticate documents, verify identity and decide on individuals’ right to enter, remain, work, rent or access services. Users can compare an identity document automatically with a reference database of over 3,000 passport, ID card, driving licence and visa types and establish validity in seconds.


  • World's most comprehensive identity/immigration documentation reference database
  • Real-time checking
  • No requirement to send original documents
  • Comprehensive reporting and notifications
  • Audit trail
  • Access to help desk for complex cases (documents of doubt)
  • No specialist skills or experience required
  • Multi-language capability
  • Browsable, comprehensive library of identity/immigration documents


  • Provides real time validation of identity
  • Provides authentication of identity/immigration documents
  • Provides assurance, increases security and reduces risk
  • Legal defence - reasonable steps taken to prove identity
  • Provides automatic prompt of identity/immigration document expiry
  • Reduces insider security threat by identifying fraudulent applications.
  • Quick and efficient
  • Eliminates need for personal knowledge of ID documentation
  • Reduces recruitment cost by identifying ineligible applicants


£1.40 to £2.00 per transaction

  • Free trial available

Service documents

G-Cloud 10


NSL Services Ltd

Craig Scott

077342 062031


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints The service is available 24 x 7 but the help line service is available Mon- Fri 9am – 5pm excluding English bank holidays. The expert advisory helpline can be made available to clients outside these standard hours at additional cost.
Planned maintenance will be necessary, during which the system is not available. However, we schedule planned maintenance for evenings and weekends to minimise disruption. We will notify customers in advance of planned maintenance activity.
System requirements
  • Internet access
  • Basic ability to capture an image
  • Image from a camera phone or a scan is sufficient
  • Access to a browser (≥ Internet Explorer 8)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times An email support service is provided Monday-Friday 0800-1800 (GMT +1). A response to a technical question is provided within two hours.

Email support is not currently available at weekends
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels NSL provides clients and users with a range of support services, from prior to service take-up through to all the stages of service implementation and usage. Within the system, these include email support services, instruction manuals and a query submission pro forma. Outside the system, NSL offers direct telephone access to a vetting support line which can answer most subject matter queries on vetting and screening requirements and processes. Our Technical Director is available to deal with more complex cases in the context of immigration and legislation compliance.
Technical system queries are addressed by a technical support line which is available to respond to first line issues and concerns. More complex technical queries can be addressed through in-system monitoring and remote access. NSL also provides out of system email support services and advice lines. NSL does not charge clients or users for access to support services; however, where specific consultancy services are required, these are charged on a case by case basis.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The service implementation process starts with an evaluation of the client’s needs so that the level and type of check required to be present within the system meets the client’s needs.

Following this, the system is set up and the client and any system users are offered a range of support services such as in-system training programmes, comprehensive in-system user manuals and on-line and face to face on-site training opportunities.

Once the service has commenced, the client is able to access telephone support and helpdesk services. If a checked document should fail the check process, it is automatically referred to an expert helpdesk for further evaluation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats Hard copy training material available
End-of-contract data extraction Clients are advised during the service implementation process of the processes through which their data can be amended or deleted both during the service or at the end of service. Clients are given a 14-day period during which they can continue to access the service after the service end date to enable them to extract their data from the system. Where a particular client may have a high volume of data, this 14-day period is flexible to ensure that the client has every opportunity to remove the data that they may want. NSL offers support services to clients throughout this process and only deletes client system data once a client has agreed that they have removed all of the data that they need.
End-of-contract process Once it has been established that a client intends to end their contract, NSL provides the client with detailed information on the removal by controlled, secure download and deletion of any data that the client has on NSL Valid8. Clients are offered the necessary level of support to help them deal with removal and deletion. NSL also explains to the client any data retention obligations under UK legislation that will fall on the client once the service contract has ended. A return date for any NSL-owned equipment that forms part of the service with the client is set and collection processes are put in place. A date is set with the client beyond which new material cannot be uploaded to NSL Valid8 and, on the service end date, user access to the live system is closed with access remaining for any data removal period agreed between NSL and the client. All scanned documents can be returned as PDFs.

Following that, the system is electronically cleansed of client data.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Keesing's Authentiscan App gives access to the NSL Valid8 service on mobile devices.
The mobile service only uploads images from the phone whereas the desktop service can use ancillaries such as a passport scanner. More images are used to check documents on the mobile version.
Accessibility standards None or don’t know
Description of accessibility Our system uses the standard accessibility features of web browsers to enable access. The nature of the work (i.e. checking the validity and authenticity of identification and immigration documentation) necessarily requires a degree of visual acuity, but our system removes the need for the users to be able to discern the fine detail of a document. Reports are provided in a format (PDF) that uses the standard accessibility tools provided.
Accessibility testing Not applicable - the nature of the work (i.e. checking the validity and authenticity of identification and immigration documentation) necessarily requires a degree of visual acuity, but our system removes the need for the users to be able to discern the fine detail of a document.
What users can and can't do using the API The API includes a comprehensive instruction manual within which users will find full instructions and processes in order for them to consider and build all aspects of the required integration level between the user platform and the Keesing system. Testing processes and the process for the building of test platforms are laid out in the instruction manual allowing users to fully develop and test an integration process between the user platform and the Keesing platform. Within set system parameters, the API process can be make changes to the integration process however changes to the Keesing system are not permitted either through the API or any other process.
Documentation for the API and the integration process are available in HTML, PDF or hard copies.
API documentation Yes
API documentation formats
  • HTML
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation NSL Valid8 has a number of ways in which the system and the checks undertaken can be delivered as a bespoke option for a particular customer’s needs and requirements. The service can be customised by adding customer branding on the service landing pad and process pages.

Additionally, customers can select the level, content and report destination of checks undertaken from a list of service options available within the system. Customer branding can be added or varied at any time.

Check process selection has to be determined by the customer at the system implementation stage. Customer requirements are then built into the system by NSL. Customers cannot customise the system by themselves.


Independence of resources NSL Valid8 is supported by high availability and fail-over servers that are scaled to provide sufficient capacity for all of the registered users. Capacity planning takes account of new customers and the potential impact on service availability; measures are taken as necessary to assure service integrity.


Service usage metrics Yes
Metrics types Within the system, the user has access to a dashboard that allows them to tailor service usage metric reporting to meet their specific needs and reporting requirements. A range of reports can be created using user-defined criteria to enable users to extract and export specified input and output data.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra support
Organisation whose services are being resold Keesing Technologies

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be freely exported by clients using the CSV, XLS, XLSX, XML and PDF data formats. Users select a data export range and criteria manually from an in-system selection box and choose in which format they wish to export the data. Data exporting is fully managed by the client from in-system menus and is not restricted or controlled by NSL.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF2 - preferred (enhanced security format)
  • XML
  • XLS
  • XLSX
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XLS
  • XML
  • JPEG
  • PDF
  • XLSX

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Customers have twenty-four-hours-per-day access, barring force majeure and time-out for maintenance. Planned Maintenance will take place outside normal business hours. Unplanned maintenance will only take place in the event of service failure and limited to the minimum necessary to restore service. Additional maintenance will be scheduled to take place as soon as possible outside business hours. We will provide reasonable notice of maintenance periods. Service credits for loss of service or access to services are agreed upon on an individual client basis. The nature of the service is that payment is 'per item' and so service credits are related to the client's normal volume of activity and the consequent impact of the disruption. The availability target for the service is 99.5%, excluding agreed maintenance periods.
Approach to resilience Our data centres provide resilience through full back-up and fail-over arrangements and comprehensive disaster recovery plans. These are designed to restore service fully in the event of complete building, services or system failure. Disaster recovery plans are periodically tested to make sure that our approach is robust and reliable. Further details are available upon request.
Outage reporting Clients are notified by email in advance of any planned maintenance that will cause a service outage. In the event of an unplanned outage, users will be sent an email advising when the service is likely to be restored and kept informed periodically during the outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Users are authenticated and granted access through a unique combination of 1) account, 2) user and 3) password. Password length and strengths can be adapted to suit the client's needs. Password expiry periods can be built in according to client requirements and users incorrectly submitting a password on 3 consecutive attempts are locked out of the system.
Access restrictions in management interfaces and support channels System users are graded according to privilege and access right levels. Users can only access pre-configured processes within the system. Set functions which impact on system set up, user set up and access and data integrity are restricted to high grade management users.

Management and support (admin) users are only able to access certain data if they have been authorised to do so by the client.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyds Register, Netherlands
ISO/IEC 27001 accreditation date 12/08/2016
What the ISO/IEC 27001 doesn’t cover The full scope of the service that we provide is covered by ISO27001 accreditation.

In addition to Keesing's ISO27001 accreditation, NSL, as the reseller of their services also has ISO27001, issued by BSI on 07/02/2017
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes NSL maintains a comprehensive ISO27001 Information Security Management System that covers all aspects of information security and information governance across the whole of our business.
NSL’s board director for Information Technology and Risk is the person with overall responsibility for maintaining the security of our IT systems and for monitoring and managing the risks and threats to which they are exposed. The maintenance of system integrity and security is the functional responsibility of specialist staff. Key staff with responsibility for IT security include NSL’s Risk and Information Security Manager, the Head of IT Programmes, plus the staff of our internal IT services supplier.
Access to systems and/or data is limited to individuals whose work necessitates access and is controlled: passwords change frequently. NSL staff associated with NSL Valid8 undergo pre-employment screening and are required to adhere to strict confidentiality and information security standards relating to the specifics of their work. All staff receive training in our IT policies and the procedures that apply to them to maintain compliance with ISO27001.
Systems are monitored as a matter of routine; any incidents are investigated thoroughly to ascertain the root cause so that appropriate measures may be taken to prevent recurrence.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Change requests that necessitate product modification(s) are prioritised and translated to a functional and technical design. Environments for development, testing, acceptance and production are separated. Upon approval, a full back-up is made before installing the release. If successful, the back-ups are deleted; if not, they will be restored. Maintenance is undertaken outside normal working hours (2100 - 0600) to minimise the impact on users. Any deviation from this period will be notified in advance.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Monitoring takes place 24/7 to obtain information on usage patterns and to detect unusual activity that might be indicative of increased threat levels and an attack.
Patches provided by third parties are installed as soon as they are available. Patches for any potential vulnerabilities in proprietary software are developed to address the threat, tested and installed as soon as possible.
Threat intelligence feeds are used to obtain information about potential threats.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Cloud Flare is used as the Web Application Firewall for NSL Valid8. Potential compromises are identified through penetration testing carried out in-house and by leveraging collective intelligence with Cloud Flare.
Incidents are graded and escalated immediately and responded to as the threat dictates to reduce our exposure to compromise. The objective is always to take appropriate measures to mitigate risk and maintain the integrity of the system.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incidents may be reported to the Helpdesk by email or phone. Response time during opening hours is 15 minutes; investigation starts within 2 hours.
All incidents are logged and prioritised based on the estimated impact. If no permanent solution can be implemented within the pre-defined resolution times, we will implement a temporary solution while a comprehensive solution is developed.
Our process for the majority of incidents is well-defined and well-understood by support staff, with a mechanism to identify and escalate atypical or serious incidents. Incident reports are provided by email on resolution or as an interim measure if necessary.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1.40 to £2.00 per transaction
Discount for educational organisations No
Free trial available Yes
Description of free trial Use of the system for submission of electronic documents is available on a free trial basis.
There is limited availability for free trials using an identity document scanner to submit documents for checking.
In both scenarios, the trial would be for up to 28 days and 250 documents checked.


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑