| Scope |
On the request of AMP Holding B.V. (hereafter referred to as: AMP), the annual certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The full audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”) and are defined in AMP’s Statement of Applicability, dated 24 January 2025 and the Overview of Applicability, dated 16 January 2025.
The scope of the assessment comprised the following Trust Service components provided to (qualified) Trust Service Providers:
-,,Registration Service
-,,partly, identity proofing of natural persons – with physical presence
-,,partly, identity proofing of natural persons – Unattended remote identity proofing, "Automated operation" (*)
-,,Subject Device Provision Service (partly, delivery of QSCD/SSCD).
These Trust Service components are being provided for the following (qualified) trust services as defined in Regulation (EU) 910/2014 (eIDAS):
-,,Issuance of qualified certificates for electronic signatures (qualified trust service), in accordance with the policy: QCP-n-qscd
-,,Issuance of qualified certificates for electronic seals (qualified trust service), in accordance with the policy: QCP-l-qscd;
-,,Issuance of qualified certificates for website authentication (qualified trust service), in accordance with the policy: QCP-w
The Trust Service component practices are described in the following document:
AMP Groep - Trust Service & Identity Proofing Practice Statement (TSIPPS) voor Voor ‘’AMP Groep persoonsidentificatie via de app en fysiek op locatie’’, dated: 15-01-2025, effective date: 20-01-2025.
Our annual certification audit was performed in January 2025. Based on the objective evidence collected during the certification audit for the period from 1 February 2024 through 31 January 2025:
-,,We conclude that the areas assessed during the audit were generally found to be effective, based on the applicable requirements defined in AMP’s Statement of Applicability, dated 24 January 2025 and the Overview of Applicability, dated 16 January 2025.
-,,We confirm that the following identification method(s) provide equivalent assurance in terms of reliability to physical presence, pursuant to Regulation (EU) 910/2014 (eIDAS) article 24, paragraph 1a, sub d, for the Trust Services component (and Identity Proofing Context) covered by this Certificate of Conformity:
“AMP Groep Persoonsidentificatie via de app”, supporting the ETSI TS 119461 Use Case for Unattended remote identity proofing (9.2.3): "Automated operation" (9.2.3.4)".
Audit information
Audit information
Audit criteria:
-,,Regulation (EU) N 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Chapter III – Trust Services.
-,,ETSI EN 319 411-2 v2.5.1 (2023-10) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates;- Part 2: Requirements for trust service providers issuing EU qualified certificates, for the policies: QCP-n-qscd, QCP-l-qscd, QCP-w;
Supporting audit criteria to Regulation (EU) 910/2014 and ETSI EN 319411-2:
-,,ETSI EN 319 401 v3.1.1 (2024-06) General Policy Requirements for Trust Service Providers
-,,ETSI EN 319 411-1 v1.4.1 (2023-10) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements, for the policies: NCP+, OVCP, PTC;
-,,ETSI TS 119 461 v1.1.1 (2021-07): Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service components providing identity proof-ing of trust service subjects, incl. applicable requirements included by reference from ETSI EN 319 401 v2.3.1
-,,CA/Browser Forum – Baseline Requirements Certificate Policy for the Issuance and Management of Publicly-Trusted Certificates, v2.1.1 (18 November 2024)
-,,CA/Browser Forum – Network and Certificate System Security Requirements, v2.0.1 (11 November 2024).
-,,PKIoverheid Programme of Requirements 5.1, usage domains: G3 Legacy Organization Person certificates (previously 3a), G3 Legacy Organization Services certificates (previously 3b), G3 Legacy Citizen certificates (previously 3c), G3 2019 Autonomous Devices certificates (previously PoR Part 3d), G1 Private Organization Services certificates (previously PoR Part 3g), G1 Private Server certificates (previously PoR Part 3h), G1 Private Person certificates (previously PoR Part 3i) (11 December 2024).
Audit Period of Time:
1 February 2024 through 31 January 2025
Audit performed:
January 2025
Information and Contact:
BSI Group The Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL
|
Selangor,Malaysia
Wanchai,Hong Kong
Hengyang,China
