SwissSign fulfils as trusted service provider (TSP) the requirements of the Swiss Certification Law (ZertES), the EU regulation standards (eIDAS, FINMA outsourcing guidelines, Webtrust and ISO 27001. These recognitions entitle SwissSign to issue qualified electronic and advanced certificates in Switzerland and in the European Union (EU).
SwissSign is also a member of the CA/Browser Forum, the TeleTrusT European Bridge CA and the Adobe Approved Trust List and has been awarded the "swiss made software" label.
SwissSign AG has been a "recognised provider of certification services" in accordance with the Swiss Electronic Signature Act (ZertEs) for many years. This allows SwissSign to issue qualified certificates and products for qualified electronic signatures which enjoy great prestige under Swiss law.
For example, SwissSign issues the SuisseID. With its qualified certificate, a qualified electronic signature can be accorded the same status as a hand-written signature in accordance with the Swiss Code of Obligations. This recognition, however, also allows SwissSign to issue digital certificates to companies and organisations for electronic invoicing (ElDI-V) and archiving (OElDI) in accordance with Swiss law. The details are governed in the applicable Swiss legislation and implementation provisions.
This recognition does not cover other certificate products and services. The certifications associated with this recognition, however, guarantee a controlled level of quality for all certificates offered by SwissSign as well as compliance with the relevant international technical standards: e.g. l ISO 27001, ETSI TS 101456, ETSI TS 101862, ETSI TS 102023, ETSI TS 101861, SR943.03 (ZertES), SR943.032 (VZertES), SR943032:1:2005 (TAV).
KPMG Ltd has confirmed that SwissSign meets the FINMA requirements for outsourcing banking services. Banks can outsource essential services to other providers if these meet the requirements of banking secrecy and data protection. According to the FINMA circular 2008/7 «Outsourcing Banks» (revised in December 2012), this includes automated data manipulation. Here financial service providers outsource the protection of electronic communication and business processes so they can concentrate on their core business. The compliance requirements regarding the protection of client data still have to be fulfilled here. The demand for security solutions is rising constantly.
The CA/Browser Forum is a group of certification authorities (CA) and manufacturers of operating systems, web browsers and other web applications. SwissSign has been a member since 2009.
The members of the CA/Browser Forum work together closely with the objective of increasing Internet security. They define and publish the standards and rules for the issuing and management of SSL certificates. This means that:
TeleTrusT European Bridge CA
SwissSign is a technology partner of the TeleTrusT European Bridge CA (EBCA). The EBCA brings together individual, equal public key infrastructures (PKIs) within a PKI network of trust. It allows for secure and authentic communication between the involved companies, institutions and public administrative bodies. The EBCA is a project of the IT Security Association Germany (TeleTrusT).
swiss made software
SwissSign is a member of the "swiss made software" label. The label stands for Swiss values and quality in the area of software development.
Adobe Approved Trust List
Thanks to the Adobe Approved Trust List (AATL) programme, users can create digital signatures which are classified as trusted upon the opening of signed documents in Acrobat or Reader from version 9.
In both Acrobat and Reader, a list of trusted digital root signatures is downloaded from an Adobe-hosted website every 30 days. A signature linked to a certificate on this list is classified as trusted.
The trusted root certificates are checked by Adobe in compliance with special technical requirements. These ensure high standards in the areas of identity verification and signature credentials. The certificates contain individual and official credentials as well as the credentials of accredited certification providers. SwissSign is a member of the programme and the highest level certificates (EV, SuisseID and organisation certificates) are listed in the AATL.