Terms of Reference of the SEPA Cards Certification Management Body (SCCMB)



Similar documents
EPC SEPA CARDS STANDARDISATION (SCS) VOLUME

EPC SEPA CARDS STANDARDISATION (SCS) VOLUME

Payments and Withdrawals with Cards in SEPA Applicable Standards and Certification Process

Paving the way for a SEPA wide Payment Solution. The OSCar Project June 2013

Transaction Security. Training Academy

Transaction Security. Advisory Services

SEPA Security Certification Framework

Legal aspects e-mandates

Euro Retail Payment Board

INTEROPERABILITY UNIT

Or the. EPASOrg Annual Conference ISO card payment standards development. William VANOBBERGHEN, Secretary General, EPASOrg

RSPO Supply Chain Certification Standard. For organizations seeking or holding certification

GOVERNANCE AND THE EHR4CR INSTITUTE

A Retailer Guide to Bank Accreditation

Business Operations. Module Db. Capita s Combined Offer for Business & Enforcement Operations delivers many overarching benefits for TfL:

Overview of GFSI and Accredited Certification

SCHEDULE 8 Generalist Project Services Framework 2015

DISCUSSION PAPER ON SEMANTIC AND TECHNICAL INTEROPERABILITY. Proposed by the ehealth Governance Initiative Date: October 22 nd, 2012

OIML D 18 DOCUMENT. Edition 2008 (E) ORGANISATION INTERNATIONALE INTERNATIONAL ORGANIZATION

Standard Monitoring Procedures

Transaction Security. Test & Certification and Security Evaluation

The CBI experience. Liliana Fratini Passi

The IP3 accreditation process. Bob Hart Chief Assessor September 2008

Developing a new Protection Profile for (U)SIM UICC platforms. ICCC 2008, Korea, Jiju Septembre 2008 JP.Wary/M.Eznack/C.Loiseaux/R.

NIST-Workshop 10 & 11 April 2013

Opinion and recommendations on challenges raised by biometric developments

(Draft) Transition Planning Guidance for ISO 9001:2015

Scheme rules for thermal insulation products for building equipment and industrial installations - VDI certification scheme

Foreword Introduction - The Global Food Safety Initiative (GFSI) Scope Section Overview Normative References...

3000_115 Competency Standard: Certified Practitioner in Asset Management (CPAM)

RSPO Supply Chain Certification Standard 2014 Transition Toolkit

Standards and accreditation. Tools for delivering better regulation

An Introduction to Eaquals Accreditation

Final Document. As approved by RSPO Executive Board. 25 November RSPO will transform markets to make sustainable palm oil the norm

ISCC 103 Quality Management. Quality Management ISCC V 2.3-EU

Implementation of eidas through Member States Supervisory Bodies

Spillemyndigheden s change management programme. Version of 1 July 2012

National Institute of Justice

Expert Group on Cloud Computing Services and Standards ( EGCCSS ) Formation of Working Groups

Certification Procedure of RSPO Supply Chain Audit

The problem of cloud data governance

EUROPEAN COMMISSION Enterprise and Industry DG

COMMISSION OF THE EUROPEAN COMMUNITIES

IAF Informative Document. Transition Planning Guidance for ISO 9001:2015. Issue 1 (IAF ID 9:2015)

Chain of Custody Standard

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES

INTRODUCTION TO ISO 9001 REVISION - COMMITTEE DRAFT

EPEAT CONFORMITY ASSESSMENT PROTOCOLS : 4.4 Product longevity/life cycle extension

Federal law on certification services in the area of the electronic signature

BASE CONSTRUCTION INC

Annex 2: Rules and Procedures for the Swiss-Polish Cooperation Programme

Private Certification to Inform Regulatory Risk-Based Oversight: Discussion Document

CONSULTATION DELIVERING LIFETIME ASSURED BEEF

Guidance on standard scales of unit costs and lump sums adopted under Article 14(1) Reg. (EU) 1304/2013

Draft Pan-Canadian Primary Health Care Electronic Medical Record Content Standard, Version 2.0 (PHC EMR CS) Frequently Asked Questions

Office of the National Coordinator for Health Information Technology Supporting Meaningful Use. July 22, 2010

International Processing for the Financial Industry

National Cyber Security Policy -2013

Audit of the control body through the monitoring of compliance with control plan. Measures for the irregularities

Copyright, Language, and Version Notice The official language of this [Certification Protocol] is English. The current version of the [Certification

HORIZON Energy Efficiency and market uptake of energy innovations. Linn Johnsen DG ENER C3 Policy Officer

A Guide to EMV Version 1.0 May 2011

Application for Approved (Overseas/Local) Third Party Inspection Agency for Lifting Equipment

EMV Migration and Certification in the U.S. UL's View on Optimizing EMV Brand Certification Processes

Department of Defense INSTRUCTION

Improving the quality of certification, measurement, verification and validation of conformity assessment results Dr Elsabe Steyn

GCF Certification Test once, use anywhere certification for mobile devices A white paper from the Global Certification Forum

DIRECTIVE 2014/32/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Change Document Version November 2011 versus Version November 2014

Briefing Note on the ICGLR Regional Certification Mechanism

Mohammed Dadas - Vice President, OIPF!

COMMISSION REGULATION (EU)

DATA STANDARDS POLICY

Connected Diagnostics

How To Manage A Province Of Philippines

Questions & Answers clarifying key aspects of the SEPA Cards Framework

The Sustainable Soy Sourcing Guidelines Second Edition

Training Catalogue

RSPO Supply Chain Certification Systems

5 Things to Look for in a Cloud Provider When it Comes to Security

Compliance. Group Standard

Certification Report

EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL. Space, Security and GMES Security Research and Development

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

FSC INTERNATIONAL STANDARD

Cyber Essentials Scheme. Summary

SCS FSC Chain-of-Custody Guidance for Certification of Multiple Sites

Transcription:

Terms of Reference of the SEPA Cards Certification Management Body (SCCMB) Draft V1.0.1 2 nd June 2015

1 DEFINITIONS A Card Payment Scheme/Approval Body is an organisation that is subject to Oversight and Regulation and which is responsible for Risk Assessment, which cannot be delegated. It also ensures end-to-end interoperability of all approved solutions of the card payment chain. Therefore it: Selects the required/recognised Implementation Specifications; Relies upon the certification processes of solutions against these Implementation Specifications; Is responsible for issuing Type Approval for solutions certified by one or more certification bodies for a particular market or CPS. A Certification Body is an organisation responsible for: Issuing certificates to confirm that solutions have been successfully tested against a given implementation specification. This process is based on evaluations or tests performed by laboratories accredited by the certification body. A Specification Provider is an organisation which: Uses or develops Implementation Specifications based upon the high level requirements specified in the Volume for use by Solution Providers to develop solutions; Provides a maintenance process, notably for interoperability and/or security issues linked to the implementation specifications; Has its own certification body or a relationship (formal or informal) with an external certification body to certify solutions. The tasks to ensure the above mentioned functions can either be in the same organisation or in several separate organisations, such as: 1. One or several independent organisations purely for the production of the Implementation Specification (detailed technical specifications); 2. One or several independent organisations for the certification of the solutions. Any further definition and abbreviation can be found within the latest published version of the SEPA Cards Standardisation (SCS) Volume, Book 1. Note that several Implementation Specifications may be developed based on the requirements contained in the Volume as several alternative Implementation Specifications (e.g. POI to Acquirer protocols) can coexist in the market. It will be up to the market to decide on the future evolution of such Implementation Specifications.

Solution Providers offer solutions based on Implementation Specifications for one or several components of the card payment value chain (e.g. a card, a POI, an acquirer host). Some solutions may integrate several Implementation Specifications, for instance a POI should at least integrate the POI application, the POI to Acquirer protocol, and the POI to card protocol. The Conformance Ecosystem as described above applies to both functional and security related aspects.

2 SCCMB SCOPE AND MISSIONS 2.1 General Scope & Missions The SCCMB role is to monitor the conformance to the SEPA Card Standardisation Volume of: Implementation Specifications and their Providers, including Certification Bodies ( ISPs ). The conformance verification of an ISP is called Labelling. Other Card Stakeholders ( non-isps : Card Schemes/Approval Bodies; PSPs; Processors; Vendors; Retailers, i.e. Stakeholders of the 5 sectors of the CSG). The conformance verification of non-isps is called SCS Volume Conformance Verification. The initial priority of the SCCMB is Labelling, which will be put in place immediately. The setup of a Conformance process for other sectors will be decided gradually by the CSG. 2.2 Objectives The objectives of the SCCMB are: To promote conformance of implementation specifications to SCS Volume through the use of a Label. To encourage all stakeholders wishing to be SCS Volume conformant to use the relevant requirements set in the Volume. To verify conformance for the sake of monitoring SCS Volume conformance. 2.3 Activities The SCCMB shall perform the following activities: Manage the Labelling process of conformance verification, as described in Book 5 of the SCS Volume. Refer to the SCS Volume version to be complied with.

Publish the forms and process for Labelling and SCS Volume Conformance Verification Collect the declarations of Labelling or Conformance Manage the process, confirming the conformance based on evidences provided by Specification Providers or other Stakeholders Publish the list of Labelled Implementation Specifications (their Specification Providers and where appropriate, the associated Certification Bodies), reference to the SCS Volume version and validity period of the label Publish the list of verified Conformant Solutions or Services and their providing stakeholders, reference to the Volume version and validity period

3 CONFORMANCE PROCESS FOR IMPLEMENTATION SPECIFICATION PROVIDERS AND CERTIFICATION BODIES: LABELLING The Volume defines high level functional and security requirements. Based on these requirements detailed Implementation Specifications can be developed against which a Solution Provider, such as a POI Vendor, is able to develop solutions, such as a POI terminal. The conformance of a solution with an Implementation Specification is controlled by the Certification process. The Labelling process, which is optional, verifies that an Implementation Specification and its governance and maintenance processes conform to the requirements of the Volume. The management of the Labelling process will be undertaken by the Labelling entity (SCCMB). The Specification Providers are the entities who will submit their specification to the SCCMB for verifying their conformance to the volume through the Labelling process. The labelling requirements to be respected are detailed in the Book 5 of the SCS Volume. These requirements have to be respected by Implementation Specification Providers (including internal or associated Certification Bodies).

4 CONFORMANCE PROCESS FOR OTHER CARD STAKEHOLDERS This section will describe the conformance process for other entities, namely Card Schemes, Processors, Vendors, Retailers and PSPs. These Conformance Verification Processes might vary in their nature from strong mandates to simple recommendations or expectations. This will be decided one-by-one by the CSG, as well as the implementation dates of each of the Conformance Verification processes. This section will be detailed at a further stage, including declaration processes and forms for each of the sectors. Some requirements dedicated specifically to some sectors are already detailed in the SCS Volume (notably Book 5, 6 and 7 for Card Payment Schemes or Approval Bodies). These will serve as a basis to develop this section.

5 GOVERNANCE OF THE SCCMB The governance of the SCCMB will be closely linked to the new CSG Governance to be established by the end of 2015. In order to prepare the effective work of the SCCMB, an SCCMB Preparatory Task Force will also start to test and establish the operational activities of the SCCMB, notably: Refinement of the SCS Volume Conformance Assessment Guide and procedure for all actors Support of the actors to be monitored First contacts with identified organisations Initial assessment of conformance declaration Before a new governance is established for both the CSG and the SCCMB, the SCCMB Preparatory Task Force will start working under current CSG Governance, as a Task Force of the Book 5 Expert Team, under the current Book 5 ET Terms of Reference. The ultimate decisions will have to be taken at CSG level on the basis of SCCMB prepared resolutions.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information