Digidentity is certified against the requirements of standards, schemes and regulations

ISO/IEC 27001:2022

Information Security Management System

Digidentity implemented and maintains an Information Security Management System (ISMS) which is certified against the ISO/IEC 27001:2022 standard. The ISMS of Digidentity provides policies and procedures to maintain a high level of information security to protect our systems and customer data.

The ISMS manages security controls for logical and physical access, network security, human resource security, business continuity and disaster recovery, incident management and compliance.

Digidentity obtained certification in 2012 and is audited annually on compliance with ISO/IEC 27001:2022 by BSI Group Netherlands (certificate ISC066).

ISO/IEC 27701:2019

Privacy Information Management System

Digidentity maintains a Privacy Information Management System (PIMS) which is certified against the ISO/IEC 27701:2019 standard for privacy management. We meet the requirements regarding responsibility and accountability for processing Personal Data.

With ISO/IEC 27701:2019 certification, Digidentity can demonstrate to customers and stakeholders that effective measures are in place to support compliance with GDPR and other related privacy legislation.

Digidentity obtained certification in 2021 and is audited annually on compliance with ISO/IEC 27701:2019 by BSI Group Netherlands (certificate PM 753107).

ISO/IEC 27017:2015

Cloud Security

Digidentity implemented information security controls compliant with ISO/IEC 27017:2015 applicable to the provision and use of cloud services. The security controls cover responsibilities such as protection of virtual environments, virtual machine hardening and configuration, maintenance procedures, logging and monitoring.

Digidentity's attestation to the ISO/IEC 27017:2015 guidance demonstrates our ongoing commitment to align with international standards and confirms that we have controls in place that are specific to cloud services.

Digidentity obtained certification in 2021 and is audited annually on compliance with ISO/IEC 27017:2015 by BSI Group Netherlands (certificate CLOUD 753108).

ISO/IEC 27018:2019

Securing Personal Data in the Cloud

Digidentity implemented information security controls to secure processing of personal data in the cloud compliant with ISO/IEC 27018:2019. With our ISO/IEC 27018:2019 certification, Digidentity established a baseline of security for all our services that process data in the cloud. The security measures implemented reduce security risks related to processing personal data in the cloud.

The security controls cover responsibilities such as protection of personal data in virtual environments, legal requirements of processing personal data, maintenance procedures, logging and monitoring.

Digidentity's certification to ISO/IEC 27018:2019 proves our commitment to comply with GDPR (Regulation (EU) 2016/679) and other data protection laws and regulations.

Digidentity obtained certification in 2021 and is audited annually on compliance with ISO/IEC 27018:2019 by BSI Group Netherlands (certificate PII 753109).

ISO 9001:2015

Quality Management System

Digidentity has implemented and maintains a Quality Management System (QMS) which is certified against the ISO 9001:2015 standard.

The QMS of Digidentity provides policies and procedures to maintain and improve the quality of our services to customers.

The QMS manages quality controls for product development, service delivery and customer satisfaction.

Digidentity obtained certification in 2022 and is audited annually on compliance with ISO 9001:2015 by DNV - Business Assurance (certificate C561445).

ETSI EN 319 401

General Policy Requirements for Trust Service Providers

Digidentity is compliant with ETSI EN 319 401 defining the general requirements for Trust Service Providers.

The ETSI EN 319 401 standard specifies baseline policy requirements on the operation and management practices of Trust Service Providers. The general requirements cover controls for access management, network security, incident management, business continuity management and compliance.

Digidentity obtained a separate certificate for ETSI EN 319 401 in 2021; before that, the certification had been included in the ETSI 319 411 certification since 2011.

Digidentity is audited annually on compliance with ETSI EN 319 401 by BSI Group Netherlands (certificate ETS 076).

ETSI EN 319 411-1

Policy & Security requirements for TSP issuing public key certificates

Digidentity is certified against ETSI EN 319 411-1 defining the requirements for the issuance of public key certificates. Digidentity issues public key certificates for authentication, encryption, and non-repudiation as well as server certificates for authentication and encryption.

The ETSI EN 319 411-1 standard defines requirements for certificate life cycle (registration, issuance, revocation), security controls and compliance.

Digidentity obtained the certification in 2015 and is audited annually on compliance with ETSI EN 319 411-1 by BSI Group Netherlands (certificate ETS 043).

ETSI EN 319 411-2

Policy & Security requirements for TSP issuing EU qualified certificates

Digidentity is certified against ETSI EN 319 411-2 defining the requirements for the issuance of qualified certificates for electronic signatures. Digidentity issues qualified certificates for electronic signatures for personal and business use (eSGN Qualified) and electronic Seals for organisations (eSGN Seal).

The ETSI EN 319 411-2 standard defines requirements for certificate life cycle (registration, issuance, revocation), security controls and compliance.

Digidentity obtained the certification in 2011 and is audited annually on compliance with ETSI EN 319 411-2 by BSI Group Netherlands (certificate ETS 015).

EU Regulation 910/2014 (eIDAS) on electronic identification and trust services

Digidentity is certified against EU Regulation 910/2014 (eIDAS). eIDAS provides requirements for advanced and qualified electronic signatures, electronic Seals and electronic identification.

Digidentity issues qualified certificates for qualified electronic signatures for personal and business use (QES) and electronic Seals for organisations (Seal). Digidentity is a Qualified Trust Services Provider (QTSP) as defined in eIDAS. Digidentity is included on the EU Trust List for Trust Service Providers for issuance of EU qualified electronic certificates. Digidentity issues digital identities for eHerkenning (eID) which is eIDAS notified in Europe.

Digidentity obtained the certification in 2016 and is audited annually on compliance with eIDAS by BSI Group Netherlands as part of the ETSI audit (certificate ETS 015).

Digidentity is also inspected annually by the Dutch Supervisory Body - Dutch Authority for Digital Infrastructure on compliance with eIDAS for both Trust Services and eID.

EU Regulation 679/2016 (GDPR) on protection of personal data

Digidentity is compliant with the requirements in EU Regulation 679/2016 (GDPR) for protection of personal data.

Digidentity safeguards the privacy of our customers. Digidentity complies with the GDPR requirements: it performs Data Protection Impact Analysis (DPIA), keeps a record of processing activities, has agreed Processor Agreements, a data breach response plan and an information security policy, and is transparent on the processing of personal data.

Digidentity obtained the certification in 2021 and is audited annually on compliance with GDPR by Privacy Verified/ICT Recht (certificate).

UK Digital Identity & Attributes Trust Framework

Digidentity is certified against the requirements from the UK Digital Identity & Attributes Trust Framework (known as Trust Framework) of the Department of Culture, Media & Sport (DCMS). The Trust Framework contains a set of rules and standards designed to establish trust in digital identity products in the UK.

Digidentity is certified as an IDSP (Identity Service Provider) to perform digital identity checks for the Right to Work (RtW), Right to Rent (RtR), and Disclosure and Barring Service (DBS) schemes, in line with the Trust Framework. Digidentity performs identity checks using the requirements in GPG44 and GPG45 that include identity document validation, biometric verification and fraud detection.

Digidentity is audited annually on compliance with the Trust Framework requirements by DISC from Age Check Certification Scheme from the UK (Certificate UKDIATF 2022/06) and (Certificate of Conformance).

Digidentity is listed as a certified IDSP on the GOV.UK website.