• Audit
• Laws

This pages links to some relevant laws and institutions. <<table>>

Laws

Australia

• Electronic Transactions Act 1999 en

Austria

• Bundesgesetz über elektronische Signaturen (Signaturgesetz - SigG) de

• Verordnung des Bundeskanzlers über elektronische Signaturen (Signaturverordnung 2008 – SigV 2008) de

European Union

• Richtlinie 1999/93/EG des Europäischen Parlaments und des Rates vom 13. Dezember 1999 über gemeinschaftliche Rahmenbedingungen für elektronische Signaturen --- Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures de fr en es etc. etc.

Germany

• Gesetz über Rahmenbedingungen für elektronische Signaturen, SigG de

Liechtenstein

• Gesetz über elektronische Signaturen (Signaturgesetz; SigG) de

• Verordnung über elektronische Signaturen (Signaturverordnung; SigV) de

Switzerland

• 943.03 Bundesgesetz über Zertifizierungsdienste im Bereich der elektronischen Signatur (Bundesgesetz über die elektronische Signatur, ZertES) de fr it

See also

• Laws regarding use of electronic signature

• Digital signatures laws of many countries

• e-signature legal wiki

• Tractis

Accreditation

Some certifications done by other CA:

ZertES Qualified Certification Services Provider

ZertES is granted by the Swiss Accreditation Service (SAS) and the Swiss Federal Office of Communications (BAKOM) based on an audit by KPMG. It is based on Swiss law and on ETSI standards for Qualified Certification Service Providers (CSP) and Time Stamping Authorities. It requires an annual audit.

EUgridPMA

The EUGridPMA coordinates the trust fabric for e-Science Grid authentication in Europe. QuoVadis operates a managed CA for EuroGridPMA members that is accredited to meet the Authentication Profile of the International Grid Trust Federation (IGTF). Other IGTF members include APGridPMA for the Asia-Pacific region and TAGPMA for the Americas.

WebTrust for Certification Authorities

WebTrust for CAs is the dominant commercial standard to assess the adequacy and effectiveness of controls deployed by a Certification Authority. Developed and managed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA), WebTrust for CAs requires an annual audit.

WebTrust for Extended Validation

WebTrust for Extended Validation is used to assess a CA’s controls against the CA/B Forum “Guidelines for the Issuance and Management of EV Certificates.” Only suitably accredited CAs may issue EV SSL. WebTrust for EV requires an annual audit.

Netherlands and EU Qualified Certification Services Provider

Compliance with Dutch and European law ([http://www.ecp.nl/college-van-belanghebbenden-ttpnl|TTP.NL Scheme for Certification Authorities]] against the requirements of the ETSI TS 101 456 standard for Qualified Certification Service Providers) is certified by BSI. The certification requires an annual audit.

ISO/IEC 27001

Certification for compliance with ISO/IEC 27001 "Information Security Management Systems Requirements Specification" (formerly known as BS7799-2) by QMS. ISO/IEC 27001 is an internationally-recognised certificate for evaluating how securely an organisation manages and stores its information and data. The certification requires an annual audit.

Netherlands PKI Overheid

If a CA is a Certificate Service Provider for PKI Overheid, the PKI designed for trustworthy communication within and with the Dutch Government.

• CategoryGoverningBodies