Servers and websites available on the internet must be clearly attributed to their operators if users are to trust them. The secure identification of websites and server systems on the internet takes place using electronic certificates.
As an accredited testing and certification body, TÜViT supports trust service providers, from the planning of their services to the necessary tests and certification.
As a testing and certification basis, we utilise national statutory requirements (e.g. the Trust Services Act, VDG), European legal standards (eIDAS), the Baseline Requirements and/or the Extended Validation (EV) guidelines of the CA/Browser Forum, or exclusively technical and organisational requirements (ETSI, WebTrust for CA).
Our IT security experts apply an agile approach during the project, test and certification. You thus have the opportunity after each concluded phase, whether in the project or during the audits, to consult our experts. This allows the risk of unprofitable investments to be reduced.
During the test for a qualified trust service, for example, the following standards would apply to the preparation of certificates for website authentication in accordance with eIDAS:
- Legal standards: eIDAS or local legislation, e.g. the Trust Services Act
- ETSI standards (ETSI EN 319 411-1, …411-2 and associated) or permitted alternative standards.
An eIDAS and ETSI certification can subsequently take place.
Our services at a glance
- conduct of training courses and workshops, one-day or multi-day
- overview of test requirements and joint evaluation of the sub-requirements relevant to you
- coordination of your detailed questions on standard requirements, on tests and certifications
- project support
- review of the PKI concept
- gap analysis of documents or processes implemented
- we use your documentation (typically of the certification practice statement, CPS) to check whether your website fulfils the defined criteria and standard requirements
- examination of your service implementation on location at your premises
- documentation of any outstanding issues
- on-site audit to review the processes and technical systems implemented
- assessment of organizational, technical, physical or structural security measures
- issue of an audit report (e.g. an eIDAS conformity assessment report)
- if all criteria are fulfilled, a certificate is issued and published on the TÜViT website
Your benefits at a glance
- targeted project implementation regarding your budget, schedule and standard specifications
- for tests under eIDAS: Conformity assessment report
- as a prerequisite for approval as a qualified trust service provider, and
- for presentation to the responsible regulatory body
- verification of compliance with legislation and legal requirements, both legal and technical, that derive from the corresponding requirements
- verification that your security measures are applied in a targeted, effective and sustainable manner