Certifications and memberships

Paragraph steht symbolisch für Zertifikationen

SwissSign is audited by KPMG Switzerland and is recognised as an official certification authority (CA). This recognition entitles SwissSign to issue qualified electronic and advanced certificates.

SwissSign is also a member of the CA/Browser Forum, the TeleTrusT European Bridge CA and the Adobe Approved Trust List and has been awarded the "swiss made software" label.

 

SwissSign AG has been a "recognised provider of certification services" in accordance with the Swiss Electronic Signature Act (ZertEs) for many years. This allows SwissSign to issue qualified certificates and products for qualified electronic signatures which enjoy great prestige under Swiss law.

For example, SwissSign issues the SuisseID. With its qualified certificate, a qualified electronic signature can be accorded the same status as a hand-written signature in accordance with the Swiss Code of Obligations. This recognition, however, also allows SwissSign to issue digital certificates to companies and organisations for electronic invoicing (ElDI-V) and archiving (OElDI) in accordance with Swiss law. The details are governed in the applicable Swiss legislation and implementation provisions.

This recognition does not cover other certificate products and services. The certifications associated with this recognition, however, guarantee a controlled level of quality for all certificates offered by SwissSign as well as compliance with the relevant international technical standards: e.g. l ISO 27001, ETSI TS 101456, ETSI TS 101862, ETSI TS 102023, ETSI TS 101861, SR943.03 (ZertES), SR943.032 (VZertES), SR943032:1:2005 (TAV).

  • ISO 27001 certification (PDF, 230 KB)
  • KPGM main certification audit 2017 in accordance with the CSP Standards ZertES, VZertES, TAV (SR 943.032.1 PKI standards for Switzerland), ETSI EN 319 411-2 [2016-02], ETSI EN 319 412-5 and ETSI EN 319 411 [2016-02], ETSI EN 319 421 (PKI standards for Europe), CAB/Forum Baseline and CAB/Forum EV Guideline with ETS EN 319.403 and referenced PKI standards for the PKI Trust Center of SwissSign AG. : certification for Extended Validation (EV) advanced certificates and end users (PDF, 110 KB)

The products and solutions of Swiss Post for secure electronic communication and digital identity have been given another seal of quality. KPMG Ltd has confirmed that the Digital Trust Services meet the FINMA requirements for outsourcing banking services. They are used at many financial institutions.
 

For secure electronic communication and the protection of electronic business processes, under the label «Digital Trust Services» Swiss Post offers the secure e-mail service IncaMail, the digital identity SuisseID and also SwissSign security certificates. The quality of these Digital Trust Services has been certified on the basis of international standards. In addition, the auditing firm KPMG has now confirmed that the solutions also meet the requirements of the Swiss Financial Market Supervisory Authority FINMA regarding the outsourcing of areas of operations of banks. 


Growing demand for security solutions in the financial market

Banks can outsource essential services to other providers if these meet the requirements of banking secrecy and data protection. According to the FINMA circular 2008/7 «Outsourcing Banks» (revised in December 2012), this includes automated data manipulation. Here financial service providers outsource the protection of electronic communication and business processes so they can concentrate on their core business. The compliance requirements regarding the protection of client data still have to be fulfilled here. The demand for security solutions is rising constantly. 


Secure communication and business processes at financial institutions

The Digital Trust Services from Swiss Post Solutions take on the protection and optimisation of electronic data processing for many financial institutions. The Cantonal Bank of St Gallen, for example, uses IncaMail for secure electronic communication with clients and reaches its clients specifically via encrypted e-mails. SuisseID is used by several thousand clients of Swissquote for secure login to online trading and for confirmations of transactions. Many financial institutions rely on SwissSign security certificates for e-mail signatures, logins and SSL certificates.  


Recent confirmation of KPMG adds to existing quality seals

With the patented SAFE technology, IncaMail is recognised as a secure delivery platform by the Swiss Federal Department of Finance for electronic legal dealings in e-government and is certified according to ISO/IEC 27001.

SuisseID provides secure online authentication (also via mobile devices thanks to the Mobile Service) as well as legally valid digital signatures. It is subject to regular external audits according to the Federal Act on Electronic Signatures (ZertES) and is certified according to ISO/IEC 27001.

SwissSign certificates comply with requirements of the international standards ETSI (European Telecommunications Standards Institute), Webtrust and CA Browser Forum, and are also certified according to ISO/IEC 27001.

 

Logo CA/Browser Forum

CA/Browser Forum

The CA/Browser Forum is a group of certification authorities (CA) and manufacturers of operating systems, web browsers and other web applications. SwissSign has been a member since 2009.

The members of the CA/Browser Forum work together closely with the objective of increasing Internet security. They define and publish the standards and rules for the issuing and management of SSL certificates. This means that:

  • The root certificates of certification authorities (CAs) are integrated within web browser certificate stores – subject to the fulfilment of the baseline requirements, EV guidelines and network security demands.
  • Web browser manufacturers can specially indicate the Internet sites of trusted providers in the browser display.
  • Users can ultimately recognise secure Internet sites on the basis of a symbol (e.g. a padlock) or the colour highlighting of the accessed Internet address.

Further information


Logo TeleTrusT

TeleTrusT European Bridge CA

SwissSign is a technology partner of the TeleTrusT European Bridge CA (EBCA). The EBCA brings together individual, equal public key infrastructures (PKIs) within a PKI network of trust. It allows for secure and authentic communication between the involved companies, institutions and public administrative bodies. The EBCA is a project of the IT Security Association Germany (TeleTrusT).

Further information


Logo swiss made software

swiss made software

SwissSign is a member of the "swiss made software" label. The label stands for Swiss values and quality in the area of software development.

Further information

Logo CA/Browser Forum




Adobe Approved Trust List

Thanks to the Adobe Approved Trust List (AATL) programme, users can create digital signatures which are classified as trusted upon the opening of signed documents in Acrobat or Reader from version 9.

In both Acrobat and Reader, a list of trusted digital root signatures is downloaded from an Adobe-hosted website every 30 days. A signature linked to a certificate on this list is classified as trusted.

The trusted root certificates are checked by Adobe in compliance with special technical requirements. These ensure high standards in the areas of identity verification and signature credentials. The certificates contain individual and official credentials as well as the credentials of accredited certification providers. SwissSign is a member of the programme and the highest level certificates (EV, SuisseID and organisation certificates) are listed in the AATL.

Further information



 

 

Loading