Trust service providers (TSPs) that provide certificates for electronic signatures and seals and the associated services are subject to extensive statutory and technical requirements.
As an accredited testing and certification body, TÜViT supports trust service providers, from the planning of their services to the necessary tests and certification.
Certifications for providers of services such as electronic signatures or seals
Services such as electronic signatures or seals can be considered within the framework of an independent test, and various trust service providers can then integrate them into their services in a modular manner. The provider receives a corresponding test report, which indicates the conformity of their services to the specifications of a certain standard. The certification then typically takes place together with the trust service that utilizes the module with the service.
As modular services, virtually all sub-processes of a trust service can be considered separately and covered by their own test report – they are thus ready for use by trust service providers.
Typical services include
- identification services such as electronic signatures and seals, archiving services
- call center services
As a testing and certification basis, we utilize national statutory requirements (e.g. the German Digital Signature Act), European legal standards (eIDAS) or exclusively technical and organizational requirements (ETSI, WebTrust for CA).
Our IT security experts apply an agile approach during the project, test and certification. You thus have the opportunity after each concluded phase, whether in the project or during the audits, to consult our experts. This allows the risk of unprofitable investments to be reduced.
During the test for a qualified trust service, for example, the following standards would apply to the preparation of certificates for electronic signatures or seals in accordance with eIDAS:
- legal standards: eIDAS or local legislation, e.g. the Trust Services Act etc.
- ETSI standards (ETSI EN 319 411-2 and associated) or permitted alternative standards.
An eIDAS and ETSI certification can subsequently take place.
Our services at a glance
- conduct of workshops, one-day or multi-day
- overview of test requirements and joint evaluation of the sub-requirements relevant to you
- coordination of your detailed questions on standard requirements, on tests and certifications
- project support according to our agile approach
- review of the PKI concept
- gap analysis of documents or processes implemented
- review of your documentation (typically of the certification practice statement, CPS) to check it fulfils standard requirements
- review of your service implementation on-site
- documentation of any outstanding issues
- on-site audit to review the processes and technical systems implemented
- assessment of organizational, technical, physical or structural security measures
- issue of an audit report (e.g. an eIDAS conformity assessment report)
- if all criteria are fulfilled, a certificate is issued and published on the TÜViT website
Your benefits at a glance
- minimizing unprofitable investments through an agile approach
- cost reduction through gap analysis
- targeted project implementation regarding your budget, schedule and standard specifications
- for tests under eIDAS: conformity assessment report
  - as a prerequisite for approval as a qualified trust service provider, and
  - for presentation to the responsible regulatory body
- verification that legislation and legal requirements are fulfilled, where these derive from the corresponding requirements
- verification that your security measures are applied in a targeted, effective and sustainable manner
- audit and certification by the market leader: e.g. TÜViT has issued over 350 certificates under the German Digital Signature Act and eIDAS, and 150 for PKIs using other criteria, e.g. ETSI