Medicines and Related Substances Act, 1965
R 385
Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002)Accreditation RegulationsChapter III : Requirements for certification service providers20. Records to be kept |
(1) | For purposes of section 38(4)(f) of the Act, the following records must be kept by a certification service provider for a period of seven years or for some other period that the South African Accreditation Authority may determine— |
(a) | applications for the issuing of certificates; |
(b) | registration and verification documents for certificates generated; |
(c) | certificates in a manner such that— |
(i) | no-one, with the exception of parties authorised to do so, can make changes to the certificates; |
(ii) | it is possible to verify that the information is correct; and |
(iii) | the certificate is available to the public only if this is expressly permitted by the subscriber; |
(d) | information related to suspended certificates; |
(e) | information related to expired and revoked certificates; |
(f) | reliable records and logs for activities that are core to the certification service provider's operations, such as certificate management, key generation and administration of its computing facilities. |
(2) | An accredited service provider must maintain its repository in such a manner that subscribers and relying parties can readily access records to which the authentication service provider permits access. |
(3) | All records must be kept in such a manner as to ensure the security, integrity and accessibility of the information and records for purposes of their retrieval and inspection by the South African Accreditation Authority. |
(4) | All archived records may be re-signed to protect their integrity and reliability in the event of technological advances that might impact on the reliance that can be placed on the original records. |
(5) | If a certification service provider's authentication products and services are based on PKI, key certificates must be re-signed in accordance with the key lengths specified in the certification practice |