
Certification

What is an accredited certificate?

Accredited certification allows companies to prove that they meet the requirements of a recognised standard of their own choosing. The certificate is awarded after a successful audit by a certification body.

In order to be able to carry out such certification, the certification body must prove its competence in relation to certification. This is done within the framework of regular audits and the subsequent verification of competences by the national accreditation body DAkkS (Deutsche Akkreditierungsstelle GmbH).

Certification by an independent accredited third party ensures that the requirements of the chosen standard are independently verified and complied with.

What is an in-house certificate?

In-house certificates have special requirement catalogues, which are based not only on standards and laws (ISO 27001, BDSG, ISO 27033/18028), but also on TÜV TRUST IT's own criteria and common IT security best practices.

What certification options are available?

TÜV TRUST IT currently offers the following certifications:

  • Certification audits according to ISO/IEC 27001 on the basis of basic IT protection
  • Certification of IT applications “Trusted Application”
  • Certification of apps “Trusted App”
  • Certification of cloud services “Trusted Cloud Service”
  • Certification of data centres “Trusted Data Center”
  • Certification of IT services “Trusted Service”
  • Certification of development processes “Trusted Development”
  • Certification of network components “Trusted Infrastructure”
  • Certification of IT service quality “TÜV Approved IT-Service Quality”
  • Testing and certification of IoT devices “Trusted IoT Device”
  • Certification of ERP systems “Trusted ERP”

In addition, TÜV AUSTRIA Deutschland GmbH is available to you natively as a partner for certifications according to ISO/IEC 27001.

What is the certification audit process for in-house certificates?

After the order has been placed, a detailed project plan is drawn up in agreement with the project manager. This contains defined milestones as well as requirements regarding the availability of staff and access to specific information and premises.

Usually, in addition to a technical check of the infrastructure and the relevant test object, the relevant organisational processes for administration are also checked. A data protection check is also used to assess the handling of relevant information (e.g. customer data) in compliance with data protection requirements. The organisational analyses are carried out on the basis of document reviews and additional interviews. In some cases, it is possible to carry out several of these steps in tandem during the project.

What is the certification audit process for accredited certificates (ISO/IEC 27001)?

The audit for an accredited certification takes place in two steps. First, there is a comprehensive document review in which the certifiability of your ISMS is assessed. Then, the effectiveness of your ISMS is examined in detail, e.g. through interviews, walk-throughs, etc. After successful completion of this audit, you will receive your certificate from the certification body.

How much does certification cost?

Since the costs depend on the respective individual framework conditions, we can only make a reliable statement on this when we know the exact scope or area of application of the certification. This can usually be clarified during a short telephone conversation. We will then submit an individual offer to you.

How long is a certificate valid?

Both accredited and in-house certificates are valid for three years. One exception is the “Trusted App” certificate, which is valid for one year, as apps constantly need new updates. The requirement for this is an annually conducted and successfully completed monitoring audit by an auditor. After three years, a re-certification is required.

What is a monitoring audit?

After successful initial certification and re-certification, the certificate holder is “monitored” at regular intervals. This is done through obligatory monitoring audits at a minimum interval of one year. Compared to a certification audit, however, random checks are carried out with less effort.

What is a re-certification?

Re-certification is required to extend the validity of a certificate after three years. Within the scope of an audit, the continuous conformity with the respective underlying catalogue of requirements is checked and the continued applicability to the scope is confirmed. Re-certification initiates a new certification cycle, which requires further monitoring audits.

How is the certificate handed over?

The certificate will be sent to you by post in the desired format (DIN A4 and/or A3). You are also welcome to receive your document in an attractive setting. If possible, we also offer a personal certificate presentation, during which a photo and a press release are created. Both are then available to you for use for your internal and external marketing.

Regardless of whether you would like to receive your certificate in person or by post, we will of course send you a digital version of your document as well as a seal and corresponding marketing material for electronic use by e-mail.

What are the benefits of certification?

A certification proves to your customers and business partners the required level of quality and safety of the respective test object, which not least also results in an effective competitive advantage. Certification can also have a positive effect on the acquisition of new customers. In addition to receiving the TÜV seal for use in your marketing, your certificate can be viewed online on the TÜV TRUST IT website, which you can refer to at any time. In addition to your certificate, you will receive a comprehensive test report in which further potential for improvement is highlighted.

eIDAS

What does the term eIDAS mean?

eIDAS stands for “eID, Authentication and Signature”. It is Regulation (EU) 910/2014 of the European Parliament, an EU law that is directly applicable in all EU member states. It forms the legal basis for electronic identification (eID) procedures and the provision of trust services (TS) in the European Single Market. With the eIDAS Regulation, schemes for electronic identification that are valid across EU member states and throughout the EU were regulated for the first time and the legally binding provision of trust services for the communication of business, administration and citizens was defined.

What is the aim of the eIDAS Regulation?

The core objectives of the eIDAS Regulation are to establish a framework for the handling of electronic identities (eID) and to define trust services. The goal is the obligatory definition of framework conditions for EU-wide valid eID schemes and the provision of trust services to strengthen the EU internal market. With the amendment of the eIDAS Regulation in 2021, wallets and attributes for electronic identities as well as three further trust services will also be defined here.

What are the benefits of eIDAS?

The main benefit of the eIDAS Regulation is the EU-wide uniform regulation of elementary areas of electronic business transactions. This goes hand in hand with the obligatory determination that electronic business processes, insofar as they are provided using so-called qualified trust services, are legally binding throughout the EU. For example, contracts concluded by qualified electronic means have the same legal status throughout the EU.

What is a trust service and which services are defined in eIDAS?

The trust services covered by eIDAS include, in qualified and non-qualified form, the provision of the following services:

  • Creation of certificates for electronic signatures and seals
  • Creation of signatures and seals for third parties including corresponding remote signature or remote seal solutions
  • Electronic time stamps
  • Validation services to verify electronic signatures, seals or time stamps
  • Preservation services to monitor the effectiveness of electronic procedures and the preservation of evidential value
  • Electronic registered mail delivery services
  • Electronic certificates for authentication of websites

Newly included with the amendment of the eIDAS Regulation in 2021:

  • Electronic archives
  • Electronic attributes
  • Electronic user accounts (ledgers)

Am I a trust service provider according to eIDAS?

According to the eIDAS Regulation, Article 3 No. 19, a “trust service provider” is a natural or legal person that provides one or more trust services as a qualified or non-qualified trust service provider. The service may be provided for a fee or free of charge.

If you operate at least one of the trust services defined by eIDAS in this form, you are most likely subject to the eIDAS Regulation – even if you do not provide your services at the “qualified” level.

What distinguishes qualified and non-qualified trust services?

While providers of non-qualified trust services are only subject to (subsequent) supervision by the national supervisory authority, qualified providers must have a conformity assessment carried out as part of their start of operations and then at least every two years during ongoing operations. The assessment must be carried out by a body accredited for this purpose in the EU, such as our conformity assessment body of TÜV AUSTRIA CERT. If the assessment is positive, the supervisory body can, after further examination, award the service provider the status “qualified” and subsequently publish the trust service with this status on the EU Trust List (TL).

I would like to find out more about eIDAS. Who can I contact?

If you have any further questions on the topic of eIDAS, the experts at TÜV TRUST IT will be happy to help. You can reach your contact person, Mr. Clemens Wanko, Head of Trust Infrastructure and responsible for the accredited eIDAS Conformity Assessment Body of TÜV AUSTRIA CERT, by e-mail at clemens.wanko@tuv-austria.com.

Trainings

Are training courses also offered online?

In principle, our training courses take place as face-to-face events at our locations. However, due to the current restrictions caused by the Corona pandemic, we offer our events online. In the case of individually agreed training courses, there is also always the option of holding them online.

Can training be offered in-house or specifically for one company only?

Yes, that is possible. We would be happy to develop training courses individually adapted to your company. Feel free to contact us!

How can I renew my certificate?

Personal certificates of TÜV TRUST IT have a validity period of three years and can be extended at the earliest three months before the expiry of the validity period. If you as the certificate holder would like to be re-certified for another three years, please apply for an extension at the certification office of TÜV TRUST IT. The following documents (e.g. project references, confirmation of participation, certificates, etc.) and information are required for this purpose:

  • the currently valid number of your personal certificate
  • proof of completed further trainings (at least 16 seminar hours) on the subject of the certification obtained after the acquisition of the certificate or after the last re-certification.
  • evidence of continuous activity in relation to the subject matter of the certification obtained

What does it cost to renew my certificate?

If you have provided proof of experience exchanges in our house, the extension is free of charge for you. If this is not the case, a fee of 195.00 EUR plus VAT will be charged.

Can I do the ISMS Manager or the ISMS Auditor separately?

Yes, this is possible. We offer both trainings independently of each other, so participation is not linked to the other event or a successful completion of the latter.

When will the next training take place?

Our training dates are published well in advance on our website and on our social media channels. If you do not find any current information, the next events are currently in the planning process. We will be happy to let you know as soon as the date for your desired event is fixed. Please do not hesitate to contact us!

Can I also receive my certificate or confirmation of participation in English?

We are happy to issue a certificate or confirmation of participation in English in addition to German. A certificate fee of 40.00 EUR plus VAT per document will be charged for this.

Will I be supported in finding a hotel?

We will be happy to support you in your search for a suitable hotel as part of our training courses and will send you our recommendations together with the registration confirmation.

Can training courses be cancelled by TÜV TRUST IT?

If an event does not reach the desired minimum number of participants, it can be cancelled by TÜV TRUST IT free of charge at the latest 14 days in advance. This is also possible in the event of force majeure or an unforeseeable situation (e.g. due to corona restrictions). In both cases, we offer you the option of rebooking for an alternative date free of charge.

What admission requirements do I have to fulfil to participate in a training course?

There are access requirements for some of our events. These are specific to the training and are indicated in the respective training description on our website. If you are unsure or have individual questions, please contact us.

Can I transfer my registration to a colleague?

Yes, that is possible. You are welcome to transfer your registration to a colleague at any time free of charge.

Is rebooking possible?

Rebooking is possible without any problems up to 14 days in advance at the latest. After this deadline, a rebooking will result in costs. Please contact us; we will be happy to help you in your individual case.

Do I need to bring anything to the training?

We will gladly provide you with everything you need for the event. In addition to the seminar documents, this also includes a writing pad and biros. If you prefer to take digital notes, you are welcome to bring your notebook to the event.

When will I receive a confirmation of participation or a certificate?

You will usually receive your certificate or confirmation of attendance within 14 days of the event. If this is not the case, please contact us stating the event attended.

(Online) events

How do I register for an event?

Registration for all events takes place via the respective event page on our website. All current offers can be found under the menu items Services -> Events. Select the desired event and fill out the registration form at the bottom of the page. You will then immediately receive a registration confirmation with your personal access link.

Will the event be recorded?

Usually, the events are not recorded. Should this be the case, however, we will expressly point this out to you in advance of the event.

Will I receive the slides presented after the event?

Yes, we will automatically send the presentations and all necessary information to your e-mail address after the event.

Who can I contact if I have problems with the online platform used?

If you have any technical problems, please contact the named contact person or call us at +49 221 9697 890.

What happens if I cannot participate after all? Can I cancel my registration?

For free events, you can cancel your registration until shortly before the start of the event. For paid events, cancellation is usually possible up to 14 days before the event. Please also note the individual cancellation conditions that you received with your registration. As an alternative, you have the option of transferring your registration to a colleague free of charge. To do so, please contact us using the contact details provided on the event page.

Can I register additional participants from my company at a later date?

You can register additional participants at any time within the registration period. If this deadline has already passed, please contact your contact person Mrs. Mariana Dohmen at +49 151 61 33 32 15.