Validation services are indispensable for assessing the correctness and integrity of electronically signed, sealed and timestamped documents. They also ensure transparency. Users can immediately find out whether e.g. the signature under an electronically signed document is valid.
As an accredited testing and certification body, TÜViT supports trust service providers in the planning or further development of their services, as well as in the testing and even certification under eIDAS, ETSI or the Technical Guidelines of the German Federal Office of Information Security (BSI).
As a testing and certification basis, we utilize national statutory requirements (e.g. the German Digital Signature Act), European legal standards (eIDAS) or exclusively technical and organizational requirements (ETSI, WebTrust for CA).
Our IT security experts apply an agile approach during the project, test and certification. You thus have the opportunity after each concluded phase, whether in the project or during the audits, to consult our experts. This allows the risk of unprofitable investments to be reduced.
During the test for a qualified trust service, for example, the following standards would apply to the preparation of certificates for electronic signatures or seals in accordance with eIDAS:
- legal standards: eIDAS or local legislation, e.g. the Trust Services Act etc.
- ETSI standards (- ETSI EN 319,411-2 and associated) or permitted alternative standards.
An eIDAS and ETSI certification can subsequently take place.
Our services at a glance
- conduct of workshops, one-day or multi-day
- overview of test requirements and joint evaluation of the sub-requirements relevant to you
- coordination of your detailed questions on standard requirements, on tests and certifications
- project support according our agile approach
- review of the PKI concept
- gap analysis of documents or processes implemented
- review of your documentation (typically of the certification practice statement, CPS) to check it fulfils standard requirements
- review of your service implementation on-site
- documentation of any outstanding issues
- on-site audit to review the processes and technical systems implemented
- assessment of organizational, technical, physical or structural security measures
- issue of an audit report (e.g. an eIDAS conformity assessment report)
- if all criteria are fulfilled, a certificate is issued and published on the TÜViT website
Your benefits at a glance
- minimizing unprofitable investments through agile approach
- cost reduction through gap analysis
- targeted project implementation regarding your budget, schedule and standard specifications
- for tests under eIDAS: Conformity assessment report
- as a prerequisite for approval as a qualified trust service provider, and
- for presentation to the responsible regulatory body
- verification that legislation and legal requirements are fulfilled, where these derive from the corresponding requirements
- verification that your security measures are applied in a targeted, effective and sustainable manner
- audit and certification by the market leader: e.g. TÜViT has issued over 350 certificates under the German Digital Signature Act and eIDAS, and 150 for PKIs using other criteria, e.g. ETSI