The continuity of key and certificate management operations was maintained; and



Similar documents
Independent Accountants Report

Independent Accountants Report

WEBTRUST FOR CERTIFICATION AUTHORITIES SSL BASELINE REQUIREMENTS AUDIT CRITERIA V.1.1 [Amended 1 ] CA/BROWSER FORUM

WEBTRUST SM/TM FOR CERTIFICATION AUTHORITIES EXTENDED VALIDATION AUDIT CRITERIA Version 1.1 CA/BROWSER FORUM

Report of Independent Accountants. To the Management of Globalsign SA/NV,

Based on: CA/Browser Forum. Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates Version 1.1.

WebTrust SM/TM for Certification Authorities WebTrust Principles and Criteria for Certification Authorities Extended Validation Code Signing

Danske Bank Group Certificate Policy

CA/Browser Forum. Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates

BUYPASS CLASS 3 SSL CERTIFICATES Effective date:

Auditor view about ETSI and WebTrust criteria. Christoph SUTTER

fulfils all requirements defined in the technical specification The appendix to the certificate is part of the certificate and consists of 6 pages.

Trust Service Principles and Criteria for Certification Authorities

Certification Practice Statement of CERTUM s Certification Services

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.

ENTRUST CERTIFICATE SERVICES

thawte Certification Practice Statement

CA/Browser Forum. Guidelines For The Issuance And Management Of Extended Validation Certificates

ETSI TR V1.1.1 ( )

epki Root Certification Authority Certification Practice Statement Version 1.2

Internet Banking Internal Control Questionnaire

Bugzilla ID: Bugzilla Summary:

RECOMMENDATIONS for the PROCESSING of EXTENDED VALIDATION SSL CERTIFICATES January 2, 2014 Version 2.0

ENTRUST CERTIFICATE SERVICES

TELSTRA RSS CA Subscriber Agreement (SA)

Extended Validation SSL Certificates

CA-DAY Michael Kranawetter, Chief Security Advisor (Tom Albertson, Security Program Manager) Microsoft

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS)

Ford Motor Company CA Certification Practice Statement

Gain a New Level of Trust with Extended Validation SSL Certificates

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

CA Self-Governance: CA / Browser Forum Guidelines and Other Industry Developments. Ben Wilson, Chair, CA / Browser Forum

Starfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS)

Comodo Extended Validation (EV) Certification Practice Statement

Certification Practice Statement. Internet Security Research Group (ISRG)

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION

Electronic Submission of Medical Documentation (esmd) CDA Digital Signatures. January 8, 2013

CERTIFICATION PRACTICE STATEMENT UPDATE

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5

CA/Browser Forum. Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.0

Comodo Extended Validation (EV) Certification Practice Statement

Certification Practice Statement for TC TrustCenter Adobe Certified Document Services Certificates

Service Level Program for Ariba cloud Services. Service Accessibility Warranty Security Miscellaneous

SPECIFIC DOCUMENTATION FOR WEBSITE CERTIFICATES

SESSION 3 AUDIT PLANNING

ASSESSMENT REPORT Federal PKI Compliance Report September 6, 2013

QUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT. OIDs:

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

TC TrustCenter Certificate Policy Definitions for EV Certificates

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS Aristotle University of Thessaloniki PKI ( WHOM IT MAY CONCERN

Class 3 Registration Authority Charter

DigiCert Certification Practice Statement

TC TrustCenter GmbH. Certification Practice Statement

A R T I C L E S O F A S S O C I A T I O N X I N G AG XING AG

Frequently Asked Questions. Frequently Asked Questions: Securing the Future of Trust on the Internet

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0

CERTIFICATION POLICY OF KIR for TRUSTED NON-QUALIFIED CERTIFICATES

Transnet Registration Authority Charter

INTERNATIONAL STANDARD ON AUDITING 250 CONSIDERATION OF LAWS AND REGULATIONS IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

GlobalSign CA Certificate Policy

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

ComSign Ltd. Certification Practice Statement (CPS)

Management s Discussion and Analysis

Frost & Sullivan. Publisher Sample

Internet Security Research Group (ISRG)

ITL BULLETIN FOR JULY Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance

ETSI EN V1.1.1 ( )

SECURITY AND EXTERNAL SERVICE PROVIDERS

Smart Open Services for European Patients Open ehealth initiative for a European large scale pilot of patient summary and electronic prescription

Ericsson Group Certificate Value Statement

INTERNATIONAL STANDARD ON AUDITING 710 COMPARATIVE INFORMATION CORRESPONDING FIGURES AND COMPARATIVE FINANCIAL STATEMENTS CONTENTS

Service Organization Control Reports

Eskom Registration Authority Charter

Trustis FPS PKI Glossary of Terms

Statoil Policy Disclosure Statement

LET S ENCRYPT SUBSCRIBER AGREEMENT

Orange County Industrial Development Authority (a component unit of Orange County, Florida)

Transcription:

Mittlerer Pfad 15 70499 Stuttgart Postfach/P.O. Box 31 16 20 70476 Stuttgart www.de.ey.com Dr. Ralph Geiger-Hilk Phone +49 711 9881 27596 Fax +49 181 3943 27596 ralph.geiger-hilk@de.ey.com Independent Auditor s Report To the Management of T-Systems International GmbH We have examined the assertion by the management of T-Systems International GmbH ( T-Systems ) that during the period 22 June 2013 through 21 June, 2014 for its Certification Authority (CA) operations at Netphen and Bamberg, Germany, for the CA TeleSec ServerPass DE-1, CA TeleSec ServerPass DE-2, CA T-TeleSec GlobalCA Class 2, CA TeleSec ServerPass Class 2 CA, CA T-TeleSec Extended Validation SSL CA Class 3, CA TeleSec ServerPass Extended Validation Class 3 CA, CA TeleSec ServerPass CA 1, CA Shared Business CA, CA Shared Business CA 3, CA Shared Business CA 4 and CA TeleSec Business CA 1 has: Disclosed its Certificate practices and procedures and its commitment to provide SSL Certificates in conformity with the applicable CA/Browser Forum Guidelines Maintained effective controls to provide reasonable assurance that: Subscriber information was properly collected, authenticated (for the registration activities performed by the CA, Registration Authority (RA) and subcontractor) and verified; The integrity of keys and certificates it manages was established and protected throughout their life cycles. Maintained effective controls to provide reasonable assurance that: Logical and physical access to CA systems and data was restricted to authorized individuals; The continuity of key and certificate management operations was maintained; and Independent Member of Ernst & Young Global Limited Chairman Supervisory Board: StB Prof. Dr. Dr. h.c. mult. Otto H. Jacobs - Board of Management: WP/StB Georg Graf Waldersee, Chairman WP/StB Ute Benzel - Ana-Cristina Grohnert - WP/StB Rudolf Krämmer - WP/StB Alexander Kron - WP/StB Prof. Dr. Norbert Pfitzer WP/StB Gunther Ruppel - dipl. WP Markus T. Schweizer - StB/CPA Mark Smith - WP/StB Claus-Peter Wagner - WP/StB Prof. Dr. Peter Wollmert Registered Office : Stuttgart - Legal Form: GmbH - Amtsgericht Stuttgart HRB 730277 - VAT: DE 147799609

Page 2 CA systems development, maintenance and operations were properly authorized and performed to maintain CA systems integrity. in accordance with the WebTrust for Certification Authorities SSL Baseline Requirements Audit Criteria version 1.1. T-Systems management is responsible for its assertion. Our responsibility is to express an opinion based on our audit. Our audit was conducted in accordance with International Standards on Assurance Engagements and, accordingly, included: (1) obtaining an understanding of T-Systems SSL certificate life cycle management practices and procedures, including its relevant controls over the issuance, renewal and revocation of SSL certificates, (2) selectively testing transactions executed in accordance with disclosed SSL certificate life cycle management practices, (3) testing and evaluating the operating effectiveness of the controls, and (4) performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion. In our opinion, T-Systems management s assertion, as referred to above, is fairly stated, in all material respects, in accordance with the WebTrust for Certification Authorities SSL Baseline Requirements Audit Criteria. The relative effectiveness and significance of specific controls at T-Systems and their effect on assessments of control risk for subscribers and relying parties are dependent on their interaction with the controls, and other factors, present at individual subscriber and relying party locations. We have performed no procedures to evaluate the effectiveness of controls at individual subscriber and relying party locations. Because of the nature and inherent limitations of controls, T-Systems ability to meet the aforementioned criteria may be affected. For example, controls may not prevent, or detect and correct, error, fraud, unauthorized access to systems and information, or failure to comply with internal and external policies or requirements. Also, the projection of any conclusions based on our findings to future periods is subject to the risk that changes may alter the validity of such conclusions.

Page 3 This report does not include any representation as to the quality of T-Systems certification services beyond those covered by the WebTrust for Certification Authorities SSL Baseline Requirements Audit Criteria, or the suitability of any of T-Systems services for any customer's intended purpose. Ernst &Young GmbH Stuttgart, Germany Olaf Riedel Partner Herbert Engelbrecht Partner signed

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information