SwissSign AG – a company of the SwissSign Group receives certification for trust services.
The SwissSign Group supports individuals and businesses on their journey into a secure digital future. The trusted identities under the SwissID brand form the foundation for secure e-business processes and provide customers with simple and secure access to Swiss online services.
The subsidiary SwissSign AG is Switzerland’s qualified trust service provider (QTSP) under both Swiss law (ZertES) and EU law (eIDAS). To demonstrate compliance with the high legal and normative requirements, SwissSign successfully underwent an audit conducted by TÜV TRUST IT. The comprehensive certifications of SwissSign’s trust services confirm the high level of security achieved.
Initial situation
SwissSign and TÜV TRUST IT – two strong partners in eID and trust services
The two cornerstones of the SwissSign Group are its identity services under the SwissID brand and its certificate services. SwissID is Switzerland’s digital identity, enabling simple and secure access to the online world. With just one login, users gain access to an increasing number of Swiss online services and can handle everyday tasks easily, quickly, and efficiently from home.
Thanks to the electronic security certificates provided by SwissSign AG, data can be legally signed, encrypted, and securely exchanged—protected from unauthorized access. As a Swiss trust service provider, SwissSign supports individuals and companies on their path to a successful digital future, safeguarding data according to the highest security standards and ensuring it remains within Switzerland.
Approach
Mastering technical and legal requirements together
TÜV TRUST IT was commissioned by SwissSign to assess its existing trust services in accordance with the requirements of the EU eIDAS Regulation, the relevant technical criteria of the ETSI standards series ETSI EN 319 401 and EN 319 411, and the specific criteria of the CA/Browser Forum. The goal was to verify compliance and guide the services through the certification process. In addition, training sessions were conducted on topics such as trust services, technical standards, and legal requirements.
The projects were launched in spring 2018, and within just a few weeks, SwissSign successfully achieved certification through the TÜV AUSTRIA CERT certification body. Since then, TÜV TRUST IT has continued to support SwissSign with pre-assessments and checks for new products and services.
“A great symbiosis,” says Nathalie Weiler, Chief Information Security Officer at SwissSign.
“The support from TÜV TRUST IT helps us build our services in compliance with standards already during the product development phase. This is cost-efficient and saves a tremendous amount of time. Because once development is complete, we’re not only compliant with legal requirements, but practically ready for certification!”
Your Benefits
Successful symbiosis between certification body and trust service provider
Certification of trust services according to the requirements of the CA/Browser Forum, ETSI standards, and the eIDAS Regulation is a fundamental prerequisite for delivering such services. Beyond that, SwissSign can demonstrate to its partners and customers that it consistently operates in compliance with legal and normative requirements, and that confidential data is protected according to the highest standards.
Nathalie Weiler, CISO of SwissSign, described the collaboration with TÜV TRUST IT as follows:
“Compliance is a fundamental part of our business and the foundation of everything we do. As a qualified Swiss trust service provider, we are particularly aware of this responsibility.
That’s why it’s important to us to live up to the highest level of security every day—especially in the area of trust services—and to make this visible externally. In both areas, TÜV TRUST IT has been an excellent partner: through their continuous support of our development projects, we are able to implement our services in a targeted, legally and normatively compliant way.
And with the certification by TÜV AUSTRIA CERT, we can clearly demonstrate our high security standards—transparently and verifiably.”
Michael Günther (Compliance) also confirmed the particularly successful and competent collaboration with TÜV TRUST IT:
“We felt well supported at all times. The support for our projects, the audits, and the certifications by TÜV TRUST IT were not only reliable and efficient, but always completed on schedule. That’s no longer a given these days and is a crucial factor in meeting our certification deadlines.”
The eIDAS team at TÜV TRUST IT GmbH, part of the TÜV AUSTRIA Group, is pleased that SwissSign’s expectations were met so successfully. Clemens Wanko, Head of Trust Infrastructure and responsible for the eIDAS Conformity Assessment Body at TÜV AUSTRIA CERT, emphasizes the strong partnership with SwissSign at all levels—from executive management to operational teams:
“Only through this close collaboration were we able to support SwissSign in achieving its goals, even during challenging project phases.
The fact that the independent certification by our sister company TÜV AUSTRIA CERT highlights and externally documents the high quality of our joint work with SwissSign makes us especially proud.
I would like to sincerely thank all our contacts at SwissSign for the outstanding cooperation.”