Scope |
On the request of KPN B.V. (hereafter referred to as: KPN), the annual certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The full audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”) and are defined in KPN’s Statement of Applicability, dated 28 May 2024 and the Overview of Applicability, dated 1 May 2024.
The scope of the assessment comprised the provision of the following Trust Service Provider component services to the (qualified) Trust Service Provider CIBG in The Hague, with regard to the UZI-register:
-,,Dissemination Service;
-,,Registration Service (partly);
-,,Revocation Management Service (partly);
-,,Certificate Generation Service;
-,,Certificate Status Service.
These TSP component services are being provided for the following qualified trust services, as defined in Regulation (EU) 910/2014 (eIDAS):
-,,Issuance of qualified certificates for electronic signatures (qualified trust service), in accordance with the policy: QCP-n-qscd
Our annual certification audit was performed in April and May 2024. The result of the annual certification audit is that we conclude, based on the objective evidence collected during the certification audit for the period from 1 June 2023 through 31 May 2024, the areas assessed for:
- Issuance of qualified certificates for electronic signatures (qualified trust service), in accordance with the policy: QCP-n-qscd
were generally found to be effective, based on the applicable requirements defined in KPN’s Statement of Applicability, dated 28 May 2024 and the Overview of Applicability, dated 1 May 2024.
NEW-PAGEAudit information:
Audit criteria:
-,,ETSI EN 319 401 v2.3.1 (2021-05) General Policy Requirements for Trust Service Providers;
-,,ETSI EN 319 411-1 v1.4.1 (2023-10) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements, for the policies: NCP, NCP+
-,,ETSI EN 319 411-2 v2.5.1 (2023-10) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates;- Part 2: Requirements for trust service providers issuing EU qualified certificates, for the policy: QCP-n-qscd;
-,,Regulation (EU) N 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Chapter III – Trust Services.
-,,CA/Browser Forum - Network and Certificate System Security Requirements v1.7 (April 5, 2021);
-,,PKIoverheid – Program of Requitements v4.12, G3 Legacy Organization Person certificates (previously 3a), G3 Legacy Organization Services certificates (previously 3b), Private Server certificates (previously 3h)
Audit Period of Time:
1 June 2023 – 31 May 2024
Audit performed:
April and May 2024
Information and Contact:
BSI Group the Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL
|