SwissSign is audited by KPMG Switzerland and is recognised as an official certification authority (CA). This recognition entitles SwissSign to issue qualified electronic and advanced certificates.
SwissSign is also a member of the CA/Browser Forum, the TeleTrusT European Bridge CA and the Adobe Approved Trust List and has been awarded the "swiss made software" label.
SwissSign AG has been a "recognised provider of certification services" in accordance with the Swiss Electronic Signature Act (ZertEs) for many years. This allows SwissSign to issue qualified certificates and products for qualified electronic signatures which enjoy great prestige under Swiss law.
For example, SwissSign issues the SuisseID. With its qualified certificate, a qualified electronic signature can be accorded the same status as a hand-written signature in accordance with the Swiss Code of Obligations. This recognition, however, also allows SwissSign to issue digital certificates to companies and organisations for electronic invoicing (ElDI-V) and archiving (OElDI) in accordance with Swiss law. The details are governed in the applicable Swiss legislation and implementation provisions.
This recognition does not cover other certificate products and services. The certifications associated with this recognition, however, guarantee a controlled level of quality for all certificates offered by SwissSign as well as compliance with the relevant international technical standards: e.g. l ISO 27001, ETSI TS 101456, ETSI TS 101862, ETSI TS 102023, ETSI TS 101861, SR943.03 (ZertES), SR943.032 (VZertES), SR943032:1:2005 (TAV).
The products and solutions of Swiss Post for secure electronic communication and digital identity have been given another seal of quality. KPMG Ltd has confirmed that the Digital Trust Services meet the FINMA requirements for outsourcing banking services. They are used at many financial institutions.
For secure electronic communication and the protection of electronic business processes, under the label «Digital Trust Services» Swiss Post offers the secure e-mail service IncaMail, the digital identity SuisseID and also SwissSign security certificates. The quality of these Digital Trust Services has been certified on the basis of international standards. In addition, the auditing firm KPMG has now confirmed that the solutions also meet the requirements of the Swiss Financial Market Supervisory Authority FINMA regarding the outsourcing of areas of operations of banks.
Banks can outsource essential services to other providers if these meet the requirements of banking secrecy and data protection. According to the FINMA circular 2008/7 «Outsourcing Banks» (revised in December 2012), this includes automated data manipulation. Here financial service providers outsource the protection of electronic communication and business processes so they can concentrate on their core business. The compliance requirements regarding the protection of client data still have to be fulfilled here. The demand for security solutions is rising constantly.
The Digital Trust Services from Swiss Post Solutions take on the protection and optimisation of electronic data processing for many financial institutions. The Cantonal Bank of St Gallen, for example, uses IncaMail for secure electronic communication with clients and reaches its clients specifically via encrypted e-mails. SuisseID is used by several thousand clients of Swissquote for secure login to online trading and for confirmations of transactions. Many financial institutions rely on SwissSign security certificates for e-mail signatures, logins and SSL certificates.
With the patented SAFE technology, IncaMail is recognised as a secure delivery platform by the Swiss Federal Department of Finance for electronic legal dealings in e-government and is certified according to ISO/IEC 27001.
SuisseID provides secure online authentication (also via mobile devices thanks to the Mobile Service) as well as legally valid digital signatures. It is subject to regular external audits according to the Federal Act on Electronic Signatures (ZertES) and is certified according to ISO/IEC 27001.
SwissSign certificates comply with requirements of the international standards ETSI (European Telecommunications Standards Institute), Webtrust and CA Browser Forum, and are also certified according to ISO/IEC 27001.
The CA/Browser Forum is a group of certification authorities (CA) and manufacturers of operating systems, web browsers and other web applications. SwissSign has been a member since 2009.
The members of the CA/Browser Forum work together closely with the objective of increasing Internet security. They define and publish the standards and rules for the issuing and management of SSL certificates. This means that:
TeleTrusT European Bridge CA
SwissSign is a technology partner of the TeleTrusT European Bridge CA (EBCA). The EBCA brings together individual, equal public key infrastructures (PKIs) within a PKI network of trust. It allows for secure and authentic communication between the involved companies, institutions and public administrative bodies. The EBCA is a project of the IT Security Association Germany (TeleTrusT).
swiss made software
SwissSign is a member of the "swiss made software" label. The label stands for Swiss values and quality in the area of software development.
Adobe Approved Trust List
Thanks to the Adobe Approved Trust List (AATL) programme, users can create digital signatures which are classified as trusted upon the opening of signed documents in Acrobat or Reader from version 9.
In both Acrobat and Reader, a list of trusted digital root signatures is downloaded from an Adobe-hosted website every 30 days. A signature linked to a certificate on this list is classified as trusted.
The trusted root certificates are checked by Adobe in compliance with special technical requirements. These ensure high standards in the areas of identity verification and signature credentials. The certificates contain individual and official credentials as well as the credentials of accredited certification providers. SwissSign is a member of the programme and the highest level certificates (EV, SuisseID and organisation certificates) are listed in the AATL.