Digital Tachograph System Turkish Authority (TR-A) Policy

Size: px
Start display at page:

Download "Digital Tachograph System Turkish Authority (TR-A) Policy"

Transcription

1 Ver. 1.0 Revision

2 INDEX 1 Introduction Responsible organization Approval Availability and contact details Scope and applicability General provisions Obligations TR-A and TR-CIA obligations TR-CA obligations TR-CP obligations Service Agency obligations Cardholder obligations VU manufacturers' obligations (role as personalization organization) Motion Sensor manufacturers' obligations (role as personalization organization) Liability TR-A and TR-CIA liability towards users and relying parties TR-CA and TR-CP liability towards the TR-A and TR-CIA Interpretation and enforcement Governing law Confidentiality Types of information to be kept confidential Types of information not considered confidential Practice Statement (PS) Equipment management Tachograph cards Quality control TR-CA/TR-CP function Application for card handled by the TR-CIA Card renewal handled by the TR-CIA Card update or exchange handled by the TR-CIA Replacement of lost, stolen, damaged and malfunctioned cards handled by the Application approval registration handled by the TR-CIA Card personalization handled by the TR-CP Card registration and data storage (DB) handled by the TR-CP and the TR-CIA Card distribution to the user handled by the TR-CP or TR-CIA Authentication codes (PIN) generated by the TR-CP Card deactivation handled by TR-A/TR-CIA and TR-CP Vehicle Units and Motion Sensors Root keys and transport keys management: European Root key, Turkish keys, Motion Sensor keys, transport keys ERCA public key Turkish keys Turkish keys generation Turkish keys period of validity Turkish private key storage Turkish private key backup Turkish private key escrow Turkish keys compromise Turkish keys end of life Motion Sensor keys Transport keys Key Certification Requests and Motion Sensor Key Distribution Request Equipment keys (asymmetric) General aspects TR-CP / TR-CA incl. Service Agencies and VU manufacturers Equipment key generation

3 7.2.2 Equipment key validity Equipment private key protection and storage - Cards Equipment private key protection and storage VUs Equipment private key escrow and archival Equipment public key archival Equipment keys end of life Equipment certificate management Data input Tachograph cards Vehicle units Tachograph card certificates Driver certificates Workshop certificates Control body certificates Hauling company certificates Vehicle unit certificates Equipment certificate time of validity Equipment certificate issuing Equipment certificate renewal and update Dissemination of equipment certificates and information Equipment certificate use Equipment certificate revocation TR-CA and TR-CP Information Security management Information security management of the TR-CA and TR-CP Asset classification and management of the TR-CA/TR-CP Personnel security controls of the TR-CA/TR-CP Trusted Roles Separation of roles Identification and Authentication for Each Role Background, qualifications, experience, and clearance requirements Training requirements System security controls of the CA and personalization systems Specific computer security technical requirements Computer security rating System development controls Security management controls Network security controls Security audit procedures Types of event recorded Frequency of processing audit log Retention period for audit log Protection of audit log Audit log backup procedures Audit collection system (internal vs. external) Record archiving Types of event recorded by the TR-CIA Types of event recorded by the TR-CA/TR-CP Retention period for archive Procedures to obtain and verify archive information TR-CA/TR-CP continuity planning Turkish keys compromise Other disaster recovery Physical security control of the CA and personalization systems Physical access TR-CA or TR-CP Termination Final termination - TR-A responsibility Transfer of TR-CA or TR-CP responsibility Audit

4 11.1 Frequency of entity compliance audit Topics covered by audit Who should do the audit Actions taken as a result of deficiency Communication of results Policy change procedures Items that may change without notification Changes with notification Notice Comment period Whom to inform Period for final change notice Changes requiring a new Policy approval References Glossary/Definitions and abbreviations Glossary/Definitions List of abbreviations Correspondence table with the ERCA Policy

5 1 Introduction This document is the Turkish National Authority Policy for the Digital Tachograph System. This Policy is in accordance with: - COUNCIL REGULATION (EC) No 2135/98 of 24 September 1998 amending Regulation (EEC) No 3821/85 on recording equipment in road transport and Directive 88/599/EEC concerning the application of Regulations (EEC) No 3820/84 and (EEC) No 3821/85 - European Agreement Concerning the Work of Crews of Vehicles Engaged in International Road Transport (AETR) concluded at Geneva on 1 July Memorandum of Understanding between the European Commission services and UNECE, January Commission Regulation (EC) No 1360/2002 of 13 June 2002 adapting for the seventh time to technical progress Council Regulation (EEC) No 3821/85 on recording equipment in road transport - the "Guideline and Template National Certification Authority policy" Version the "Common Security Guidelines" Version Digital Tachograph System European Root Policy, Version 2.1; European Commission Joint Research Center Publication 53429; 28 th July 2009; published at 1.1 Responsible organization Responsible for this Policy is the Directorate General for Land Transport of Ministry of Transport (MoT) of the Republic of Turkey acting as Contracting Party Authority (CPA), further referred to as TR-A 1. Ministry of Transport of the Republic of Turkey Directorate General for Land Transport (DGLT) Hakki Turaylic Cad. No: 5 Emek/Ankara TURKEY The appointed Card Issuing Authority (CIA) is the The Union of Chambers and Commodity Exchanges of Turkey (TOBB), further referred to as TR-CIA 2. The appointed Certification Authority (CA) is the The Union of Chambers and Commodity Exchanges of Turkey (TOBB), further referred to as TR-CA 3. The appointed Card Personalizing organization (CP) is the The Union of Chambers and Commodity Exchanges of Turkey (TOBB), further referred to as TR-CP 4. The Union of Chambers and Commodity Exchanges of Turkey (TOBB) may subcontract parts of its processes as TR-CA or TR-CP to subcontractors, called Service Agencies. The use of Service Agencies in no way diminishes its overall responsibilities as TR-CA and TR-CP. The appointed service agency for TR-CA and TR-CP is: TURKTRUST Information Security Services Inc. Hollanda Cad. 696.Sok. No:7 Yildiz Cankaya ANKARA TURKEY Phone: Fax: Web: 1 TR-A - Turkish Authority 2 TR-CIA - Turkish Card Issuing Authority 3 TR-CA - Turkish Certification Authority 4 TR-CP - Turkish Card Personalizing Organization - 5 -

6 1.2 Approval This Policy is approved for the European Commission by the Digital Tachograph Root Certification Authority at Digital Tachograph Root Certification Authority Traceability and Vulnerability Assessment Unit European Commission Joint Research Centre, Ispra Establishment (TP.360) Via E. Fermi, 1 I Ispra (VA) 1.3 Availability and contact details This Policy is publicly available on the website of the DGLT of Ministry of Transport of Turkey Questions concerning this Policy should be addressed to: Ministry of Transport Directorate General for Land Transport (DGLT) Hakki Turaylic Cad. No: 5 Emek/Ankara TURKEY - 6 -

7 2 Scope and applicability [r1] This Policy is valid for the Tachograph system only. [r2] The keys and certificates issued by the TR-CA are only for use within the Tachograph system. [r3] The cards issued by the system are only for use within the Tachograph system. The scope of this Policy within the Tachograph system is shown in the figure below

8 3 General provisions This section contains provisions relating to the respective obligations of TR-A, TR-CIA, TR-CA, TR- CP, Service Agencies and users, and other issues pertaining to law and dispute resolution. 3.1 Obligations This section contains provisions relating to the respective obligations of: TR-A and TR-CIA TR-CA and Service Agency (if any) TR-CP and Service Agency (if any) Users (Cardholders, VU manufacturers and Motion Sensor manufacturers) TR-A and TR-CIA obligations With regard to this Policy, the TR-A and TR-CIA have the following obligations. [r4] The TR-A shall: a) Maintain this Policy b) Appoint a TR-CA and a TR-CP c) Audit the appointed TR-CA and TR-CP including Service Agencies d) Approve the TR-CA/TR-CP Practice Statements e) Inform the appointed parties about this Policy f) Let this Policy be approved by the Commission [r5] The TR-CIA shall: a) Ensure that correct and relevant user information from the application process is input to the TR-CA and TR-CP b) Inform the users of the requirements in this policy connected to the use of the system, i.e. the Cardholders, the VU manufacturers and the Motion Sensor manufacturers TR-CA obligations [r6] The appointed TR-CA shall: a) Follow this Policy b) Publish a TR-CA Practice Statement (TR-CA PS) that includes reference to this Policy, to be approved by the TR-A c) Maintain sufficient organizational and financial resources to operate in conformity with the requirements laid down in this Policy, in particular to bear the risk of liability damages [r7] The TR-CA shall ensure that all requirements on TR-CA, as detailed in this policy, are implemented. [r8] The TR-CA has the responsibility for conformance with the procedures prescribed in this policy, even when the TR-CA functionality is undertaken by subcontractors, Service Agencies. The TR-CA is responsible for ensuring that any Service Agency provides all its services consistent with its Practice Statement (PS) and this Policy TR-CP obligations [r9] The appointed TR-CP (card personalization organization) has to: a) Follow this Policy - 8 -

9 b) Publish a TR-CP Practice Statement (TR-CP PS) that includes reference to this Policy, to be approved by the TR-A c) Maintain sufficient organizational and financial resources to operate in conformity with the requirements laid down in this Policy, in particular to bear the risk of liability damages [r10] The TR-CP shall ensure that all requirements on it, as detailed in this policy, are implemented. [r11] The TR-CP has the responsibility for conformance with the procedures prescribed in this policy, even when the TR-CP functionality is undertaken by subcontractors, Service Agencies Service Agency obligations [r12] Service Agencies (if applicable) have obligations towards the TR-CA or TR-CP and the users according to contractual agreements Cardholder obligations [r13] The TR-CIA shall oblige, through agreement (see 5.1.2), the user (or user's organization) to fulfill the following obligations: a) accurate and complete information is submitted to the TR-CIA in accordance with the requirements of this policy, particularly with regards to registration; b) the keys and certificate are only used in the Tachograph system; c) the card is only used in the Tachograph system; d) reasonable care is exercised to avoid unauthorized use of the equipment private key and card; e) the user may only use his own keys, certificate and card (AETR article 11.4.a); f) a user may have only one valid driver card (AETR article 11.4.a); g) a user may only under very special, and duly justified, circumstances have both a workshop card and a hauling company card (AETR Appendix 1B VI: 1), or both a workshop card and a driver card, or several workshop cards h) the user shall not use a damaged or expired card (AETR article 11.4.a); i) the user shall notify the TR-CIA without any reasonable delay if any of the following occur up to the end of the validity period indicated in the certificate: the equipment private key or card has been lost, stolen or potentially compromised; (AETR article 12.1);or the certificate content is, or becomes, inaccurate VU manufacturers' obligations (role as personalization organization) Not applicable in Turkey for the time being or in the foreseeable future Motion Sensor manufacturers' obligations (role as personalization organization) Not applicable in Turkey for the time being or in the foreseeable future. 3.2 Liability The TR-CA and TR-CP do not carry liability towards end users, only towards the TR-A and TR-CIA. Any liability issues towards end users are the responsibility of the TR-A/TR-CIA

10 [r16] Tachograph cards, keys and certificates are only for use within the Tachograph system, any other certificates present on Tachograph cards are in violation of this policy, and hence neither the TR-A, the TR-CIA, the TR-CA nor the TR-CP carries any liability in respect to any such TR-A and TR-CIA liability towards users and relying parties [r17] The TR-A and TR-CIA are liable for damages resulting from failures to fulfill their obligations only if they have acted negligently. If the TR-A or TR-CIA has acted according to this Policy, and any other governing document, it shall not be considered to have been negligent TR-CA and TR-CP liability towards the TR-A and TR-CIA [r18] The TR-CP and TR-CA are liable for damages resulting from failures to fulfill these obligations only if they have acted negligently. If the organization has acted according to this Policy and the corresponding PS or any other governing document, it shall not be considered to have been negligent. 3.3 Interpretation and enforcement Governing law All matters related to the implementation and enforcement on the Digital Tachograph System in Turkey will be resolved according to the Turkish national legislation in force. 3.4 Confidentiality Confidentiality is restricted according to the Directive 95/46/EC and Turkish Penal Code No on the protection of individuals with regard to the processing of personal data and on the movement of such data Types of information to be kept confidential [r19] Any personal or corporate information held by the TR-CA, the TR-CP or Service Agencies that is not appearing on issued cards or certificates is considered confidential, and shall not be released without the prior consent of the user, nor (where applicable) without prior consent of the user's employer or representative, unless required otherwise by law. [r20] All private and secret keys used and handled within the TR-CA/TR-CP operation under this Policy are to be kept confidential. [r23] Audit logs and records shall not be made available as a whole, except as required by law Types of information not considered confidential [r24] Certificates are not considered confidential. [r25] Identification information or other personal or corporate information appearing on cards and in certificates is not considered confidential, unless statutes or special agreements so dictate

11 4 Practice Statement (PS) [r26] The TR-CA and TR-CP shall have statements of the practices and procedures used to address all the requirements identified in this Policy, Practice Statements (PS). The TR-A shall approve the PS. In particular: a) The PS shall identify the obligations of all external organizations supporting the TR-CA and TR-CP services including the applicable policies and practices. b) The Practice statement shall be made available to the TR-A, to users of the Tachograph system, and to relying parties (e.g. control bodies). However, the TR-CA/TR-CP is not generally required to make all the details of its practices public and available for the users. c) The management of the TR-CA/TR-CP has responsibility for ensuring that the PS is properly implemented d) The TR-CA/TR-CP shall define a review process for the PS. e) The TR-CA/TR-CP shall give due notice of changes it intends to make in its PS and shall, following approval, make the revised PS immediately available. Minor revisions may be released without TR-A approval

12 5 Equipment management The equipment in the Tachograph system is defined as: - Tachograph cards - Vehicle units - Motion Sensors The equipment is handled and managed by several roles: - TR-CIA (registration, renewal, etc.) - TR-CA (certificates, keys) - TR-CP (visual and electronic personalization, distribution, deactivation) - VU manufacturers and Motion Sensor manufacturers The following functions are carried out by the TR-A: - Quality control (type approval) The following functions are carried out by the TR-CIA: - Applications for cards - Application approval registration - Equipment registration and data storage (DB) The following functions are carried out by the TR-CA and TR-CP: - Quality control (sample tests) - Key insertion - Personalization of cards - Distribution The functions carried out by the VU manufacturers are out of the scope of this Policy. The functions carried out by Motion Sensor manufacturers are out of the scope of this Policy. 5.1 Tachograph cards Quality control TR-CA/TR-CP function [r27] The TR-CA/TR-CP shall ensure that only type approved cards according to the AETR are personalized in the Tachograph system. See also Application for card handled by the TR-CIA [r28] The TR-CIA shall inform the user of the terms and conditions regarding use of the card. This information shall be available at least in Turkish and English. [r29] The user shall, by applying for a card, and accepting delivery of the card, accept the terms and conditions

13 User application [r30] Applicants for a Tachograph card shall deliver an application in a form to be determined by the TR-A or TR-CIA. As a minimum, the application shall include the data needed to ensure the correct identification of the user. The following information is required for issuing a card. Unless gathered from other sources, it should be included in the application: - Full name - Date and place of birth - Place of residence - National Identity Number - Postal address - Photo (unless a valid filed photo is used) (Optional except for driver cards) - Preferred language Driver card specific: - Driving license number Workshop card specific: [r31] Workshop cards shall be issued only to physical persons associated with legal persons, and who can provide the following evidence: - full name (including surname and given names) of the user; - date and place of birth, reference to a nationally recognized identity document, or other attributes of the user which may be used to, as far as possible, distinguish the person from others with the same name; - full name and legal status of the associated legal person or other organizational entity; Control body card specific: [r32] Control body certificates shall be issued only to physical persons associated with legal persons, and who can provide the following evidence: - full name (including surname and given names) of the user; - date and place of birth, reference to a nationally recognized identity document, or other attributes of the user which may be used to, as far as possible, distinguish the person from others with the same name; - full name and legal status of the associated legal person or other organizational entity; Hauling company card specific: [r33] Hauling company certificates shall be issued to individual representatives of companies owning or holding vehicles fitted with digital Tachograph and who can provide evidence of: - full name (including surname and given names) of the user; - date and place of birth, reference to a nationally recognized identity document, or other attributes of the user which may be used to, as far as possible, distinguish the person from others with the same name; - full name and legal status of the associated legal person or other organizational entity; - any relevant existing registration information (e.g. company registration) of the associated legal person or other organizational entity; - the user's association with the legal person or other organizational entity Agreement [r34] The applicant shall, by making an application for a card and accepting delivery of the card, make an agreement with the TR-CIA, stating as a minimum the following: - the user agrees to the terms and conditions regarding use and handling of the Tachograph card

14 - the user agrees to, and certifies, that from the time of card acceptance and throughout the operational period of the card, until TR-CIA is notified otherwise by the user: no unauthorized person has ever had access to the user s card all information given by the user to the TR-CIA relevant for the information in the card is true; the card is being conscientiously used in consistence with usage restrictions for the card TR-CIA terms of approval - Driver card specific [r35] A Driver card shall only be issued to individuals having permanent residence in the country of application. [r36] The TR-CIA shall ensure that the applicant does not have a valid Driver card issued in another Member State or AETR Contracting Party. [r37] The TR-CIA shall ensure that the applicant for a Driver card has a valid driving license of appropriate class Card renewal handled by the TR-CIA [r38] Workshop cards shall be valid for no more than one year from issuance (AETR article 9.1). [r39] Driver cards shall be valid no more than five years from issuance (AETR article 11.4.a). [r40] Company cards shall be valid no more than five years from issuance. [r41] Control cards shall be valid no more than two years from issuance. [r42] The TR-CIA shall establish routines to remind the user of pending expiration. [r43] An application for renewal shall follow section Driver cards [r44] The user shall apply for a renewal card at least 15 working days prior to card expiration. [r45] If the user complies with the above rule, the TR-CIA shall issue a new driver card before the current card expires Workshop cards [r46] The user shall apply for a renewal card at least 15 working days prior to card expiration. [r47] The TR-CIA shall issue a renewal card within 5 working days of receiving a complete application Company cards [r48] The user shall apply for a renewal card at least 15 working days prior to card expiration. [r49] If the user complies with the above rule, the TR-CIA shall issue a new company card before the current card expires Control cards [r50] The user shall apply for a renewal card at least 15 working days prior to card expiration

15 [r51] The TR-CIA shall issue a renewal card within 5 working days of receiving a complete application Card update or exchange handled by the TR-CIA [r52] A user who changes country of residence may request to have his/her driver card exchanged. If the current card is valid, the user shall only show proof of residence in order to have the application granted. [r53] The TR-CIA shall upon delivery of the new card take possession of the previous card and send it to the National Authority of origin (AETR article 11.4.c). [r54] Card exchange due to changed country of residence shall otherwise follow the rules for new card issuing Replacement of lost, stolen, damaged and malfunctioned cards handled by the TR-CIA [r55] If a card has been lost or stolen, the user shall report this to the local Police and receive a copy of the report. Loss of card may be reported by the user, or by the Police upon receiving a found card. The Police shall without delay notify the issuing TR-CIA of the report. [r56] Stolen and lost card shall be put on a blacklist available to authorities in all Member States. [r57] Damaged and malfunctioning cards shall be delivered to the issuing TR-CIA, visually and electronically cancelled, and put on a blacklist. [r58] If the card is lost, stolen, damaged or malfunctioning, the user shall apply for a replacement card within 7 days. (AETR article 12.1) [r59] Provided the user follows the above requirements, the TR-CIA shall issue a replacement card with new keys and certificate within 5 working days from receiving a complete application. (AETR article 11.4.a) [r60] The replacement card shall inherit the time of validity from the original card (AETR Appendix 1B: VII). If the replaced card has less than six months remaining validity, the TR-CIA may issue a renewal card instead of a replacement card Application approval registration handled by the TR-CIA [r61] The TR-CIA shall register approved applications in a database. This data is made available for the TR-CA/TR-CP, which uses the information as input to the certificate generation and card personalization Card personalization handled by the TR-CP Cards are personalized both visually and electronically. In some cases this process will be carried out by Service Agents, this does not diminish the overall responsibility of the TR-A Visual personalization [r62] Cards shall be visually personalized according to AETR Appendix 1B, section IV User data entry [r63] Data shall be inserted in the card according to the structure in AETR Appendix 1B, subappendix 2, rules TCS_403, TCS_408, TCS_413 and TCS_418, depending on card type

16 Key entry [r64] The private key shall be inserted in the card without ever having left the key generation environment. This environment must guarantee that no person, in any way what so ever, can get control of the generated private key without detection. See also equipment key management, Certificate entry [r65] The user certificate shall be inserted in the card before distribution to the user Quality Control [r66] Documented routines shall exist to ensure that the visual information on users cards and the electronic information in issued cards and certificates matches each other and also matches the validated owner. The routines shall be described in the personalization PS Cancellation (destruction) of non-distributed cards [r67] All cards that are damaged or destroyed (or for other reasons are not finalized and distributed) during personalization shall be physically and electronically destroyed (cancelled). [r68] All destroyed cards shall be registered in a cancellation database Card registration and data storage (DB) handled by the TR-CP and the TR-CIA [r69] The TR-CP is responsible for keeping track of which card and card number is given to which user. Data shall be transferred from the TR-CP to the TR-CIA register Card distribution to the user handled by the TR-CP or TR-CIA [r70] a) The personalization shall be scheduled so as to minimize the time that the personalized card require safe-keeping before delivery to the user. Storage over night requires secure safekeeping. Documented routines shall exist for exception handling, including disturbances in the production process, failure of delivery, and loss of or damage to cards. b) Personalized cards shall be immediately transferred to the place where they are to be delivered or distributed to the user, i.e. a controlled area. c) Personalized cards shall always be kept separated from non-personalized cards. d) The Tachograph card shall be distributed in a manner so as to minimize the risk of loss. e) At the point of delivery of the card to the user, evidence of the user's identity (e.g. name) shall be checked against a physical person. f) The user shall present valid means of identification g) The reception of the card shall be acknowledged by the user s signature Authentication codes (PIN) generated by the TR-CP This section applies only to Workshop cards. [r71] Workshop cards shall have a PIN code, used for authenticating the card to the Vehicle unit (AETR Appendix 1B, sub Appendix 10: Tachograph cards: 4.2.2) [r72] PIN codes shall consist of at least 4 digits (AETR Appendix 1B, sub Appendix 10: Vehicle Units: 4.1.2) PIN generation [r73] PIN codes shall be generated in a secure system, securely transferred to workshop cards, and direct-printed to PIN-envelopes. PIN codes shall never be stored on a computer system in a manner

17 that allows connection between PIN and user. The PIN generation system shall meet the requirements of ITSEC E3, CC EAL4 or equivalent security criteria PIN distribution [r74] PIN codes may be distributed by regular mail. [r75] PIN codes shall not be distributed in connection with the corresponding cards Card deactivation handled by TR-A/TR-CIA and TR-CP [r76] It shall be possible to permanently deactivate a card and any keys residing thereon. A decision of deactivation shall be taken by the TR-A or TR-CIA, the actual operation should be carried out by the TR-CP or a Service Agency. [r77] Deactivation of cards shall take place in equipment suitable for the operation and it shall be verified that card functions and keys are destroyed. The card shall also be visually cancelled. [r78] Deactivation of cards shall be registered in the card database and the card number shall be put on the blacklist. 5.2 Vehicle Units and Motion Sensors Not applicable in Turkey for the time being or in the foreseeable future

Estonian National CA Policy

Estonian National CA Policy Estonian National CA Policy for the Digital Tachograph System Eesti Riiklik Autoregistrikeskus (ARK) Estonian Motor Vehicle Registration Centre Digital Tachograph System EST NCA Policy Version Draft Version

More information

Italian Tachograph MSA Policy v.1.1

Italian Tachograph MSA Policy v.1.1 Italian Tachograph MSA Policy v.1.1 Italian Tachograph MSA Policy v. 1.1 Page1 of 34 Amendment History Version Control Issue Date Status Version 1.0 May 2004 Approved by the European Authority Version

More information

NATIONAL CERTIFICATION AUTHORITY POLICY FOR GREECE

NATIONAL CERTIFICATION AUTHORITY POLICY FOR GREECE HELLENIC REPUBLIC NATIONAL CERTIFICATION AUTHORITY POLICY FOR GREECE Keys, certificates and equipment management (Registration, key generation, certificate issuing, personalization, distribution, use and

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

Land Registry. Version 4.0 10/09/2009. Certificate Policy

Land Registry. Version 4.0 10/09/2009. Certificate Policy Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc. Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.

More information

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016 National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION

More information

DNSSEC Policy and Practice Statement.amsterdam

DNSSEC Policy and Practice Statement.amsterdam DNSSEC Policy and Practice Statement.amsterdam Contact T +31 26 352 55 00 support@sidn.nl www.sidn.nl Offices Meander 501 6825 MD Arnhem Mailing address Postbus 5022 6802 EA Arnhem May 24, 2016 Public

More information

TC TrustCenter GmbH Time-Stamp Practice and Disclosure Statement

TC TrustCenter GmbH Time-Stamp Practice and Disclosure Statement GmbH NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This document may not be copied, distributed, used, stored or transmitted in any form or by any means, whether

More information

American International Group, Inc. DNS Practice Statement for the AIG Zone. Version 0.2

American International Group, Inc. DNS Practice Statement for the AIG Zone. Version 0.2 American International Group, Inc. DNS Practice Statement for the AIG Zone Version 0.2 1 Table of contents 1 INTRODUCTION... 6 1.1 Overview...6 1.2 Document Name and Identification...6 1.3 Community and

More information

GENERAL PROVISIONS...6

GENERAL PROVISIONS...6 Preface This Key Recovery Policy (KRP) is provided as a requirements document to the External Certification Authorities (ECA). An ECA must implement key recovery policies, procedures, and mechanisms that

More information

Certificate Policy. SWIFT Qualified Certificates SWIFT

Certificate Policy. SWIFT Qualified Certificates SWIFT SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA

More information

The name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is.

The name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is. Trustwave Subscriber Agreement for Digital Certificates Ver. 11JUL14 PLEASE READ THIS AGREEMENT AND THE TRUSTWAVE CERTIFICATION PRACTICES STATEMENTS ( CPS ) CAREFULLY BEFORE USING THE CERTIFICATE ISSUED

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval

More information

CERTIFICATION PRACTICE STATEMENT UPDATE

CERTIFICATION PRACTICE STATEMENT UPDATE CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

CERTIFICATION APPLICATION FOR AN ELECTRONIC DOCUMENT MANAGEMENT SYSTEM

CERTIFICATION APPLICATION FOR AN ELECTRONIC DOCUMENT MANAGEMENT SYSTEM CERTIFICATION APPLICATION FOR AN ELECTRONIC DOCUMENT MANAGEMENT SYSTEM This form is reserved for agencies and brokers acting on their own account and for designers of EDM systems for those agencies and

More information

ETSI TS 102 042 V1.1.1 (2002-04)

ETSI TS 102 042 V1.1.1 (2002-04) TS 102 042 V1.1.1 (2002-04) Technical Specification Policy requirements for certification authorities issuing public key certificates 2 TS 102 042 V1.1.1 (2002-04) Reference DTS/SEC-004006 Keywords e-commerce,

More information

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement Polish Grid Certification Authority Certificate Policy and Certification Practice Statement version 0.4 (DRAFT ) September 2, 2002 1 1 Introduction 1.1 Overview This document is written according to the

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS

CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS Please fill in the form using BLOCK CAPITALS. All fields are mandatory. 1 1. SUBSCRIBER

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

on Electronic Signature and change to some other laws (Electronic Signature Act) The Parliament has hereby agreed on this Act of the Czech Republic:

on Electronic Signature and change to some other laws (Electronic Signature Act) The Parliament has hereby agreed on this Act of the Czech Republic: 227/2000 Coll. ACT of 29 th June 2000 on Electronic Signature and change to some other laws (Electronic Signature Act) Amendment: 226/2002 Coll. Amendment: 517/2002 Coll. Amendment :440/2004 Coll. Amendment:

More information

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN Title INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456 Customer Aristotle University of Thessaloniki PKI (www.pki.auth.gr) To WHOM IT MAY CONCERN Date 18 March 2011 Independent Audit

More information

CERTIFICATION POLICY QUEBEC CERTIFICATION CENTRE. 2015 Notarius Inc.

CERTIFICATION POLICY QUEBEC CERTIFICATION CENTRE. 2015 Notarius Inc. CERTIFICATION POLICY QUEBEC CERTIFICATION CENTRE 2015 Notarius Inc. Document Version: 4.5 OID: 2.16.124.113550 Effective Date: July 17, 2015 TABLE OF CONTENTS 1. GENERAL PROVISIONS...8 1.1 PURPOSE...8

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Bank of New York ( FRBNY ) acts as

More information

CMS Illinois Department of Central Management Services

CMS Illinois Department of Central Management Services CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF

More information

STATUTORY INSTRUMENTS 2012 No. _

STATUTORY INSTRUMENTS 2012 No. _ STATUTORY INSTRUMENTS 2012 No. _ THE ELECTRONIC SIGNATURES REGULATIONS 2012 ARRANGEMENT OF REGULATIONS Regulation PART I-PRELIMINARY 1. Title. 2. Interpretation PART II - LICENSING AND RECOGNITION OF CERTIFICATION

More information

Office 365 Data Processing Agreement with Model Clauses

Office 365 Data Processing Agreement with Model Clauses Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081

More information

Addendum Windows Azure Data Processing Agreement Amendment ID M129

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129 Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the

More information

ETSI TS 102 640-3 V1.1.1 (2008-10) Technical Specification

ETSI TS 102 640-3 V1.1.1 (2008-10) Technical Specification TS 102 640-3 V1.1.1 (2008-10) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Architecture, Formats and Policies; Part 3: Information Security

More information

ETSI TS 101 456 V1.4.3 (2007-05)

ETSI TS 101 456 V1.4.3 (2007-05) TS 101 456 V1.4.3 (2007-05) Technical Specification Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing qualified certificates 2 TS 101 456 V1.4.3

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Version 0.3 August 2002 Online : http://www.urec.cnrs.fr/igc/doc/datagrid-fr.policy.pdf Old versions Version 0.2 :

More information

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria Gatekeeper PKI Framework ISBN 1 921182 24 5 Department of Finance and Deregulation Australian Government Information Management Office Commonwealth of Australia 2009 This work is copyright. Apart from

More information

Merchants and Trade - Act No 28/2001 on electronic signatures

Merchants and Trade - Act No 28/2001 on electronic signatures This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...

More information

SECOM Trust.net Root1 CA

SECOM Trust.net Root1 CA CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT May 22, 2006 Version 2.00 SECOM Trust Systems Co.,Ltd. Revision History Version Date Description V1.00 2003.08.01 Initial Draft (Translated from Japanese

More information

New York State Electronic Signatures and Records Act

New York State Electronic Signatures and Records Act PIANY Doc. No. 31174 New York State Electronic Signatures and Records Act The information contained within this Resource kit was made available by the New York State Department of State Division of Administrative

More information

DNSSEC Policy & Practice Statement for.tz Zone

DNSSEC Policy & Practice Statement for.tz Zone DNSSEC Policy & Practice Statement for.tz Zone Version 1.1 Effective Date: January 1, 2013 Tanzania Network Information Centre 14107 LAPF Millenium Towers, Ground Floor, Suite 04 New Bagamoyo Road, Dar

More information

TeliaSonera Root CA v1 Certificate Practice Statement. Published by: TeliaSonera AB

TeliaSonera Root CA v1 Certificate Practice Statement. Published by: TeliaSonera AB 2007-10-18 1 (46) TeliaSonera Root CA v1 Certificate Practice Statement Published by: TeliaSonera AB Company Information Created Modified Approved Valid from 2007-10-12 Reg. office: Printed Coverage Business

More information

XN--P1AI (РФ) DNSSEC Policy and Practice Statement

XN--P1AI (РФ) DNSSEC Policy and Practice Statement XN--P1AI (РФ) DNSSEC Policy and Practice Statement XN--P1AI (РФ) DNSSEC Policy and Practice Statement... 1 INTRODUCTION... 2 Overview... 2 Document name and identification... 2 Community and Applicability...

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10 Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between

More information

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00 Registration Practices Statement Grid Registration Authority Approved December, 2011 Version 1.00 i TABLE OF CONTENTS 1. Introduction... 1 1.1. Overview... 1 1.2. Document name and Identification... 1

More information

Qualified Electronic Signatures Act (SFS 2000:832)

Qualified Electronic Signatures Act (SFS 2000:832) Qualified Electronic Signatures Act (SFS 2000:832) The following is hereby enacted 1 Introductory provision 1 The purpose of this Act is to facilitate the use of electronic signatures, through provisions

More information

DNSSEC Policy Statement Version 1.1.0. 1. Introduction. 1.1. Overview. 1.2. Document Name and Identification. 1.3. Community and Applicability

DNSSEC Policy Statement Version 1.1.0. 1. Introduction. 1.1. Overview. 1.2. Document Name and Identification. 1.3. Community and Applicability DNSSEC Policy Statement Version 1.1.0 This DNSSEC Practice Statement (DPS) conforms to the template included in RFC 6841. 1. Introduction The approach described here is modelled closely on the corresponding

More information

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

More information

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid.

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid. Microsoft Online Subscription Agreement Amendment adding Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Proposal ID MOSA number Microsoft to complete This Amendment

More information

E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA)

E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA) E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA) QUALIFIED CERTIFICATE POLICY AND PRACTICE STATEMENT (CP-CPS) VERSION 1.0 DATE OF ENTRY INTO FORCE : JUNE, 2008 OID 2.16.792.3.0.4.1.1.2 E-TUGRA

More information

LAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05)

LAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) LAW ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) I GENERAL PROVISIONS Article 1 This Law shall regulate the use of electronic signature in legal transactions,

More information

Certification Practice Statement (ANZ PKI)

Certification Practice Statement (ANZ PKI) Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority

More information

TC TrustCenter GmbH Time-Stamp Policy

TC TrustCenter GmbH Time-Stamp Policy GmbH Time-Stamp Policy NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This document may not be copied, distributed, used, stored or transmitted in any form or

More information

Symantec External Certificate Authority Key Recovery Practice Statement (KRPS)

Symantec External Certificate Authority Key Recovery Practice Statement (KRPS) Symantec External Certificate Authority Key Recovery Practice Statement (KRPS) Version 2 24 April 2013 (Portions of this document have been redacted.) Symantec Corporation 350 Ellis Street Mountain View,

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

CERTIFICATE. certifies that the. Info&AA v1.0 Attribute Service Provider Software. developed by InfoScope Ltd.

CERTIFICATE. certifies that the. Info&AA v1.0 Attribute Service Provider Software. developed by InfoScope Ltd. CERTIFICATE HUNGUARD Informatics and IT R&D and General Service Provider Ltd. as a certification authority assigned by the assignment document No. 001/2010 of the Minister of the Prime Minister s Office

More information

e-authentication guidelines for esign- Online Electronic Signature Service

e-authentication guidelines for esign- Online Electronic Signature Service e-authentication guidelines for esign- Online Electronic Signature Service Version 1.0 June 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry of Communications

More information

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 -------------- w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------

More information

ETSI TS 102 640-3 V2.1.1 (2010-01) Technical Specification

ETSI TS 102 640-3 V2.1.1 (2010-01) Technical Specification TS 102 640-3 V2.1.1 (2010-01) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 3: Information Security Policy Requirements for REM Management

More information

ETSI EN 319 401 V1.1.1 (2013-01)

ETSI EN 319 401 V1.1.1 (2013-01) EN 319 401 V1.1.1 (2013-01) European Standard Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers supporting Electronic Signatures 2 EN 319 401 V1.1.1

More information

ELECTRONIC SIGNATURE LAW. (Published in the Official Journal No 25355, 2004-01-23) CHAPTER ONE Purpose, Scope and Definitions

ELECTRONIC SIGNATURE LAW. (Published in the Official Journal No 25355, 2004-01-23) CHAPTER ONE Purpose, Scope and Definitions ELECTRONIC SIGNATURE LAW Purpose (Published in the Official Journal No 25355, 2004-01-23) CHAPTER ONE Purpose, Scope and Definitions Article 1 The purpose of this Law is to regulate the legal and technical

More information

GEOSURE PROTECTION PLAN

GEOSURE PROTECTION PLAN GEOSURE PROTECTION PLAN I. SCOPE/INTRODUCTION The GeoSure Protection Plan is designed to provide protection against economic loss resulting from specific types of risks associated with certain SSL Certificates

More information

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015 ING Public Key Infrastructure Certificate Practice Statement Version 5.3 - June 2015 Colophon Commissioned by Additional copies ING Corporate PKI Policy Approval Authority Additional copies of this document

More information

User Manual Internet Access. for the public key. certification service

User Manual Internet Access. for the public key. certification service User Manual Internet Access for the public key certification service Version 1.2 / October 2014 1 Content TABLE OF CONTENTS 1 GENERAL INFORMATION... 3 1.1 INTRODUCTION... 3 2 IDENTIFICATION DATA... 3 2.1

More information

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES BSI TR-03139 Version 2.1 27 May 2013 Foreword The present document

More information

The Electronic Transactions Law Chapter I Title and Definition

The Electronic Transactions Law Chapter I Title and Definition The Union of Myanmar The State Peace and Development Council The Electronic Transactions Law ( The State Peace and Development Council Law No. 5/2004 ) The 12th Waxing of Kason 1366 M.E. (30th April, 2004)

More information

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original

More information

GUIDANCE NOTE ON OUTSOURCING

GUIDANCE NOTE ON OUTSOURCING GN 14 GUIDANCE NOTE ON OUTSOURCING Office of the Commissioner of Insurance Contents Page I. Introduction.. 1 II. Application...... 1 III. Interpretation.... 2 IV. Legal and Regulatory Obligations... 3

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

Ford Motor Company CA Certification Practice Statement

Ford Motor Company CA Certification Practice Statement Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate

More information

Title: Mr Mrs Ms Others... Family Name (in block letters):... First Names (in block letters):... NIC No:...Nationality:...

Title: Mr Mrs Ms Others... Family Name (in block letters):... First Names (in block letters):... NIC No:...Nationality:... Business Credit Card Application Form (Nominee) Nominee Details Title: Mr Mrs Ms Others... Family Name (in block letters):... First Names (in block letters):... Embossing name on card (in block letters

More information

SECTION.0100 - GENERAL ADMINISTRATION

SECTION.0100 - GENERAL ADMINISTRATION 1 1 1 1 1 1 0 1 0 1 SECTION.00 - GENERAL ADMINISTRATION.01 HOW TO CONTACT THE ELECTRONIC COMMERCE SECTION The North Carolina Department of the Secretary of State administers the Electronic Commerce Act.

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.1 January, 2009 Table of Contents: TABLE OF CONTENTS:...2 1. INTRODUCTION...7 1.1 OVERVIEW...7 1.2 DOCUMENT

More information

Act. on Strong Electronic Identification and Electronic Signatures (617/2009)

Act. on Strong Electronic Identification and Electronic Signatures (617/2009) NB: Unofficial translation; legally binding texts are those in Finnish and Swedish Act on Strong Electronic Identification and Electronic Signatures (617/2009) Chapter 1 General provisions Section 1 Scope

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

RapidSSL(tm) Subscriber Agreement

RapidSSL(tm) Subscriber Agreement RapidSSL(tm) Subscriber Agreement Please read the following agreement carefully. By submitting an enrollment form to obtain a RapidSSL Digital Certificate (the Certificate ) and accepting and using such

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.3 May 15, 2014 Table of Contents TABLE OF CONTENTS:... 2 1. INTRODUCTION... 7 1.1 OVERVIEW... 7 1.2 DOCUMENT

More information

Compliance Management Systems

Compliance Management Systems Certification Scheme Y03 Compliance Management Systems ISO 19600 ONR 192050 Issue V2.1:2015-01-08 Austrian Standards plus GmbH Dr. Peter Jonas Heinestraße 38 A-1020 Vienna, Austria E-Mail: p.jonas@austrian-standards.at

More information

COMMISSION REGULATION (EU)

COMMISSION REGULATION (EU) L 122/22 Official Journal of the European Union 11.5.2011 COMMISSION REGULATION (EU) No 445/2011 of 10 May 2011 on a system of certification of entities in charge of maintenance for freight wagons and

More information

Department of Information Technology Remote Access Audit Final Report. January 2010. promoting efficient & effective local government

Department of Information Technology Remote Access Audit Final Report. January 2010. promoting efficient & effective local government Department of Information Technology Remote Access Audit Final Report January 2010 promoting efficient & effective local government Background Remote access is a service provided by the county to the Fairfax

More information

ETSI TR 102 458 V1.1.1 (2006-04)

ETSI TR 102 458 V1.1.1 (2006-04) TR 102 458 V1.1.1 (2006-04) Technical Report Electronic Signatures and Infrastructures (ESI); Mapping Comparison Matrix between the US Federal Bridge CA Certificate Policy and the European Qualified Certificate

More information

Rules and Regulations. MCB MasterCard Platinum Debit Card

Rules and Regulations. MCB MasterCard Platinum Debit Card Rules and Regulations MCB MasterCard Platinum Debit Card 3 MCB MasterCard Platinum Debit Card Rules & Regulations 1. Definition In this agreement: Account or Bank Account means the bank account to which

More information

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc. THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by

More information

ETSI TS 102 640-3 V2.1.2 (2011-09)

ETSI TS 102 640-3 V2.1.2 (2011-09) TS 102 640-3 V2.1.2 (2011-09) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 3: Information Security Policy Requirements for REM Management

More information

PCI Data Security and Classification Standards Summary

PCI Data Security and Classification Standards Summary PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers

More information

LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES

LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES Pursuant to article 78 and 83, paragraph 1 of the Constitution, upon the proposal of the Council of Ministers, THE ASSEMBLY OF THE REPUBLIC

More information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable

More information

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

More information

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012 Certipost Trust Services Version 1.2 Effective date 03 May 2012 Certipost NV ALL RIGHTS RESERVED. 2 13 Definitions : Activation Data Certificate Certificate Holder Certificate Public Registry Certificate

More information