SwissSign Group

Home > References > SwissSign AG – SwissSign Group company receives trust services certification

SwissSign AG – SwissSign Group company receives trust services certification

The SwissSign Group accompanies individuals and enterprises into a secure digital future. Trustworthy SwissID brand identities are the basis for secure eBusiness processes and enable customers to gain simple and secure access to Swiss online services. The SwissSign Group company SwissSign AG is the Swiss trust service provider (VDA) in accordance with Swiss (ZertES) and EU law (eIDAS, or electronic Identification, Authentication and Trust Services).

To prove fulfilment of the exacting statutory and standard requirements SwissSign most successfully underwent a TÜV TRUST IT audit. The comprehensive certifications of SwissSign trust services testify to the high level of security achieved.

Initial situation

SwissSign and TÜV TRUST IT – Strong partners in eID and trust services

The SwissSign Group’s cornerstones are its SwissID brand identity services and its certificate services. SwissID is Switzerland’s digital identity, providing simple and secure access to the online world. Users have a login that enables them to access more and more Swiss online services and deal with their daily affairs simply, swiftly and efficiently at home.

Thanks to SwissSign AG’s security certificates data can be signed electronically in a way that is legally binding, encrypted and shared, thereby being protected from unwanted access. As the Swiss trust service, SwissSign accompanies individuals and enterprises into a successful digital future, protecting data to the highest security levels and keeping it in Switzerland.

Approach

Jointly mastering technical and statutory requirements

TÜV TRUST IT was commissioned by SwissSign to audit its trust services for compliance with the requirements of the EU’s eIDAS Regulation, with the technical requirements of the ETSI standards ETSI EN 319 401 and EN 319 411 and with the special criteria of the CA/Browser Forum, to establish their conformity and to lead to certification. Training was also provided on subjects such as trust services and technical and statutory requirements. The projects were launched in spring 2018. Just a few weeks later SwissSign was successfully certified by TÜV AUSTRIA CERT’s certification department,

since when TÜV TRUST IT has assisted SwissSign most successfully with preliminary examinations and checks for new products and services. “A super symbiosis,” says Nathalie Weiler, SwissSign’s Chief Information Security Officer, “in that TÜV TRUST IT’s support helps us in the product development phase to design our services to comply with standards. That is cost-effective and saves an enormous amount of time. Once product development is completed we are not only already compliant with statutory requirements but also ready for certification, as it were!”

Benefits

Successful symbiosis of testing institute and trust service provider

Certification of trust service compliance with the requirements of the CA/Browser Forum, ETSI and the eIDAS Regulation is the essential prerequisite for service provision. In addition, it enables SwissSign to prove to its partners and customers that it always complies laws and standards and that confidential data is held safely and securely to the highest standards.

SwissSign CISO Nathalie Weiler described the collaboration with TÜV TRUST IT as follows: “Compliance is for us a fundamental business principle and the basis of all our business activity. As a qualified Swiss provider of trust services we are particularly aware of this responsibility. That is why we set great store by delivering maximum day-by-day security, especially in the area of trust services, and to documenting this outwardly. In both areas our partner TÜV TRUST IT has given us excellent support: by continuously accompanying our development projects it has helped us to implement them with a focus on compliance with laws and standards. And with

certification by TÜV AUSTRIA CERT we document our high security standard verifiably and for all to see.” Michael Günther (Compliance) also confirmed that TÜV TRUST IT’s collaboration had been especially successful and competent. “We felt we were in good hands at all times. The accompaniment of our projects, the tests and certifications by TÜV TRUST IT were not only reliable and efficient but also always on schedule. By no means a matter of course nowadays, that is a crucial aspect if we are to meet our certification deadlines.”

The eIDAS team at TÜV Austria Group’s TÜV TRUST IT GmbH is delighted to have been able to fulfil SwissSign’s expectations so well. TÜV TRUST IT’s Head of Trust Infrastructure Clemens Wanko noted the good collaboration based on partnership with SwissSign colleagues at all levels from the Management to the operational level. “It was only on that basis that we were able to support SwissSign to achieve its objectives in difficult project phases. We are particularly proud that the independent certification by our sister company TÜV AUSTRIA CERT underscores and documents with external effect the high quality of our collaboration with SwissSign.” “I thank all of our contacts at SwissSign for the outstanding cooperation,” said Clemens Wanko.