An application for accreditation must be supported by the following—
(a) |
The constitutive documents of the applicant; |
(b) |
Where the applicant is a certification service provider, a copy of its certification practice statement and certificate policy drafted in accordance with the Internet X.509 Public Key Infrastructure, Certificate Policy and Certification Practices Framework, as well as a written undertaking that it can and will comply with the requirements of its certification practice statement and certificate policy; |
(i) |
detailing the authentication products and services resulting in and used to support an electronic signature in respect of which accreditation is sought; |
(ii) |
detailing procedures in respect of the identification and authentication of subscribers to those authentication products or services, including face-to-face identification; |
(iv) |
addressing the manner in which the applicant will comply with the requirements of the Act and these regulations; |
(v) |
detailing the manner in which information about the applicant's authentication products and services as well as information pertaining to the conditions on which those products and services are offered will be made available to the general public and its subscribers; |
(vi) |
detailing the naming conventions to be used by the applicant, as well as the manner in which the applicant will deal with name ownership, name disputes and name resolutions; and |
(vii) |
indicating how the applicant will ensure the availability of information to third parties relying on the authentication product or service; |
(d) |
Full details of operations relevant to the authentication product or service that have been outsourced; |
(e) |
The applicant's audited financial statements for the three years immediately preceding the application; |
(f) |
General technical specifications of the applicant's hardware and software systems, its information security policies, the standards it complies with, its infrastructure and the location of its facilities relevant to its authentication product or service resulting in and used to support an electronic signature; |
(g) |
The privacy and physical security policy that will be implemented by the applicant in its operations; |
(h) |
An organisational chart; |
(i) |
A statement dealing with the applicant's – |
(ii) |
procedures for processing of authentication products and services; and |
(iii) |
audits and the regularity and extent of such audits; |
(j) |
The full names, job description and curriculum vitae of the applicant in the case of a natural person and of the directors and management in the case of a legal person; |
(l) |
Proof of adequate insurance cover to ensure business continuity; |
(m) |
A disaster recovery plan. |