Press Release

ENISA’s How-to-Guide for Trust Service Providers’ Auditing

Published on April 02, 2015

ENISA has published a report providing guidelines on the auditing framework for Trust Service Providers (TSPs). These guidelines can be used by Trust Service Providers (preparing for audits) and Conformity Assessment Bodies (auditors) having to undergo regular auditing - as set by the eIDAS regulation - and offer a set of good practices which can be used at an organizational level.

The report gives an overview of a typical three-stage audit methodology, listing all relevant requirements for the off-site (documentation level) and on-site (implementation level) assessment procedure, which is finalised with a conformity assessment report.

The main areas discussed are:

  • Obligations, warranties and liability of TSPs
  • Standards applicable to TSPs and Conformity Assessment Bodies
  • Methodology of auditing TSPs (off-site,on-site)
  • TSPs documentation (plans, policies and procedures)
  • Implementation of TSPs services

 

The Executive Director Udo Helmbrecht commented: “It is important to secure services with the appropriate means. Conformity assessment schemes ensure that the level of services corresponding both to the infrastructure (network and physical) and the human resources, meet security requirements, minimising exposure to risks and security incidents. ENISA’s recommendations provide a comprehensive reference document towards the implementation of trusted services”.

Trust services must abide to certain criteria, namely legal requirements, standards (ETSI/CEN/ISO), terms and conditions and the state of the technology. Trust Service Providers (TSPs) are required to comply with these obligations within the framework of the eIDAS (electronic ID, Authentication and Signature) Regulation, adopted by the EU Parliament and the Council of the European Union, for electronic transactions in the internal market.

 

For full report: Auditing Framework for TSPs

For interviews please contact press@enisa.europa.eu , Tel. +30 2814 409576 (att. Slawomir Gorniak, ENISA expert)

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies