Digidentity implemented and maintain an Information Security Management System (ISMS) which is certified against the ISO27001:2013 standard. The ISMS of Digidentity provides policies and procedures to maintain a high level of information security to protect our systems and customer data. The ISMS manages security controls for logical and physical access, network security, human resource security, business continuity and disaster recovery, incident management and compliance.
Digidentity is certified against ETSI EN 319 411-1 defining the requirements for the issuance of public key certificates. Digidentity issues public key certificates for authentication, encryption and non-repudiation as well as PKIoverheid Private Root SBR certificates.
The ETSI EN 319 411-1 standard defines requirements for certificate life cycle (registration, issuance, revocation), security controls and compliance.
Digidentity is certified against ETSI EN 319 411-2 defining the requirements for the issuance of qualified certificates for electronic signatures. Digidentity issues qualified certificates for electronic signatures for personal and business use (eSGN Qualified) and electronic Seals for organisations (eSGN Seal).
The ETSI EN 319 411-2 standard defines requirements for certificate life cycle (registration, issuance, revocation), security controls and compliance.
Digidentity is certified against EU Regulation 910/2014 (eIDAS). eIDAS provides requirements for advance and qualified electronic signature, electronic Seals and electronic identification.
Digidentity issues qualified certificates for electronic signatures for personal and business use (eSGN Qualified) and electronic Seals for organisations (eSGN Seal). Digidentity is a Qualified Trust Services Provider (QTSP) as defined in eIDAS. Digidentity is included on the EU Trust List for Trust Service Providers for issuance of EU qualified certificates.
Digidentity issues digital identities for eHerkenning (eID) which is eIDAS notified in Europe.
Digidentity obtained the certification in 2016 and is audited annually on compliance to eIDAS by by BSI Group Netherlands as part of the ETSI audit (certificate ETS 015). Digidentity is also inspected annually by the Dutch Supervisory Body - Agentschap Telecom on compliance with eIDAS for both Trust Services and eID.
Digidentity is certified against EU Regulation 679/2016 (GDPR) for protection of personal data.
Digidentity safeguards the privacy of our customers. Digidentity complies to the GDPR requirements for performing Data Protection Impact Analysis (DPIA), record of processing activities, agreed Processor Agreements, has a data breach response plan, information security policy and is transparent on the processing of personal data.
Digidentity is certified against the PKIoverheid Program of Requirements.
PKIoverheid is designed for trustworthy electronic communication within and with the Dutch government. PKI certificates secure the information that persons and organisations send via internet on a high level of reliability.
Digidentity is compliant with the requirements of eHerkenning (Afsprakenstelsel).
eHerkenning is the electronic identity (eID) system providing authentication and authorisation services. eHerkenning was founded by the Dutch government and technology providers, including Digidentity, as a public-private partnership, to provide secure access to government services for organisations
Digidentity provides electronic identities, authorisations, authentication and broker services for eHerkenning. Digidentity is accredited by the Dutch government as supplier of eHerkenning services.
Digidentity is inspected annually on compliance to eHerkenning requirements by the Dutch Supervisory Body - Agentschap Telecom.
Digidentity is certified against the tScheme requirements for GOV.UK Verify.
tScheme is the self-regulatory body for electronic trust service approval in the UK. The GOV.UK Verify service of the Government Digital Service (GDS). GDS rely on Trust Service Providers (TSP) to confirm the identity of an individual. Digidentity uses a set of rules specified by the UK Government for the issuance of a digital identity. Digidentity is approved under the ‘Verify Scheme’. The scheme defines the range of activities Digidentity must carry out and criteria Digidentity must meet and includes acquiring tScheme approval for delivering services.
tScheme aims to improve levels of trust in digital economies. Digidentity is an Identity Service Provider for GOV.UK Verify and has achieved the tScheme Approved Service certification against requirement defined in Operations Manual, GPG44 and GPG45.
Digidentity is audited annually on compliance to the tScheme requirements by Lloyd’s Register from the UK.