Certification Authority users require assurance that their provider consistently meets high standards for security. QuoVadis maintains independent audits and accreditations pertinent to the jurisdictions and industries of our multinational clients, including certification as a Qualified Trust Service Provider (QTSP) according to eIDAS (EU Regulation 910/2014) and under the Swiss ZertES law. QuoVadis is also a Trust Service Provider for PKIoverheid, the Dutch Government PKI.
|
EU Qualified Trust Service Provider
QuoVadis is a Qualified TSP accredited by Rijksinspectie Digitale Infrastructuur (RDI) in the Netherlands following a certification by BSI against the requirements of ETSI EN 319 411-1 and ETSI EN 319 411-2 to issue Qualified Certificates for Electronic Signature, Electronic Seal, and Website Authentication as well as Qualified Time-Stamps. The certification requires an annual audit of QuoVadis. |
|
|
WebTrust Program for Certification Authorities (CAs)
WebTrust for CAs assesses the adequacy and effectiveness of controls deployed by a Certification Authority. Developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA), and now managed by Chartered Professional Accountants of Canada, WebTrust for CAs requires an annual audit. |
|
|
WebTrust for Baseline Requirements
WebTrust for Baseline Requirements is used to assess a CA’s controls against the CA/B Forum “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates”. WebTrust for BR requires an annual audit. |
|
|
WebTrust for Extended Validation
WebTrust for Extended Validation is used to assess a CA’s controls against the CA/B Forum “Guidelines for the Issuance and Management of EV Certificates.” Only suitably accredited CAs may issue EV SSL. WebTrust for EV requires an annual audit. |
|
|
WebTrust for Code Signing
WebTrust for Code Signing is used to assess a CA’s controls against the Code Signing Working Group’s Minimum Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates. WebTrust for Code Signing requires an annual audit. |
|
|
WebTrust for S/MIME
WebTrust for S/MIME is used to assess a CA’s controls against the CA/B Forum “Guidelines for the Issuance and Management of S/MIME Certificates.” Only suitably accredited CAs may issue publicly trusted S/MIME certificates. WebTrust for S/MIME requires an annual audit. |
|
|
ZertES Qualified Trust Services Provider
ZertES is granted by the Swiss Accreditation Service (SAS) and the Swiss Federal Office of Communications (BAKOM) based on an audit by KPMG. It is based on Swiss law and on ETSI standards for Qualified Trust Service Providers (TSP) and Time Stamping Authorities. It requires an annual audit. |
|
|
Netherlands PKIoverheid
QuoVadis is a Trust Service Provider for PKIoverheid, the PKI designed for trustworthy communication within and with the Dutch Government operating under the Staat der Nederlanden Roots. |
|
|
Belgium Qualified Certification Services Provider
QuoVadis is Supervised as an issuer of Qualified Certificates by the Belgian FPS Economy – Quality and Safety. |
|
|
Bermuda Authorised Certification Services Provider
The Bermuda Authorised Certification Service Provider (CSP) accreditation is granted by the Ministry of Energy, Telecommunications and E-Commerce based on an external review defined in the Bermuda Electronic Transactions Act. The CSP standard includes elements of ISO 17799 (Code of Practice for Information Security Management), EESSI (European Electronic Signature Standardisation Initiative), and WebTrust for CAs. It requires a biennial certification. |
|