Documents that are electronically signed or marked with a timestamp are subject to ageing, just like their hard copy counterparts. If the certificates or mathematical algorithms used in them are no longer up to date, the documents lose their value as evidence. They therefore need to be updated at regular intervals. Providers of special electronic archives, i.e. archiving services, take responsibility for this, and thus ensure that evidential value is retained by replacing the ageing algorithms in good time.
As an accredited testing and certification body, TÜViT supports trust service providers, from the planning of their services to the necessary tests and certification.
As a testing and certification basis, we utilize national statutory requirements (e.g. the German Digital Signature Act), European legal standards (eIDAS) or exclusively technical and organizational requirements (ETSI, WebTrust for CA).
Our IT security experts apply an agile approach throughout the project, testing and certification. After each concluded phase, whether in the project or during the audits, you have the opportunity to consult our experts. This reduces the risk of unprofitable investments.
During the test for a qualified trust service, for example, the following standards would apply to the preparation of certificates for electronic signatures or seals in accordance with eIDAS:
- legal standards: eIDAS or local legislation, e.g. the Trust Services Act etc.
- ETSI standards (ETSI EN 319 411-2 and associated) or permitted alternative standards.
An eIDAS and ETSI certification can subsequently take place.
Our services at a glance
- conduct of workshops, one-day or multi-day
- overview of test requirements and joint evaluation of the sub-requirements relevant to you
- coordination of your detailed questions on standard requirements, on tests and certifications
- project support according to our agile approach
- review of the PKI concept
- gap analysis of documents or processes implemented
- review of your documentation (typically of the certification practice statement, CPS) to check it fulfils standard requirements
- review of your service implementation on-site
- documentation of any outstanding issues
- on-site audit to review the processes and technical systems implemented
- assessment of organizational, technical, physical or structural security measures
- issue of an audit report (e.g. an eIDAS conformity assessment report)
- if all criteria are fulfilled, a certificate is issued and published on the TÜViT website
Your benefits at a glance
- minimizing unprofitable investments through an agile approach
- cost reduction through gap analysis
- targeted project implementation regarding your budget, schedule and standard specifications
- for tests under eIDAS: conformity assessment report
  - as a prerequisite for approval as a qualified trust service provider, and
  - for presentation to the responsible regulatory body
- verification that legislation and legal requirements are fulfilled, where these derive from the corresponding requirements
- verification that your security measures are applied in a targeted, effective and sustainable manner
- audit and certification by the market leader: e.g. TÜViT has issued over 350 certificates under the German Digital Signature Act and eIDAS, and 150 for PKIs using other criteria, e.g. ETSI