On the request of Multi-Post Services B.V. (hereafter referred to as: Multi-Post), the annual certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The full audit covered all applicable requirements from the audit criteria listed below and are defined in the Multi-Post Statement of Applicability, dated 1 March 2024 and the Overview of Applicability, dated 31 January 2024.
The scope of the assessment comprised the following Trust Service Provider component service:
-,,Subject Device Provision Service
The TSP component service is performed under the final responsibility of the Trust Service Providers KPN B.V. and CIBG.
This TSP component service is being provided for the following qualified trust services as defined in Regulation (EU) 910/2014 (eIDAS):
-,,Issuance of qualified certificates for electronic signatures (qualified trust service)
Our annual certification audit was performed in March 2024. The result of the full audit is that we conclude, based on the objective evidence collected during the certification audit for the period from 1 April 2023 through 31 March 2024, the areas assessed during the audit were generally found to be effective, based on the applicable requirements defined in the Multi-Post Statement of Applicability, dated 1 March 2024 and the Overview of Applicability, dated 31 January 2024.
Audit information:
Audit criteria
-,,ETSI EN 319 401 v2.3.1 (2021-05) General Policy Requirements for Trust Service Providers;
-,,ETSI EN 319 411-1 v1.4.1 (2023-10) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements, for the policy: NCP+;
-,,ETSI EN 319 411-2 v2.5.1 (2023-10) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates – Part 2: Requirements for trust service providers issuing EU qualified certificates, for the policy: QCP-n-qscd;
-,,Regulation (EU) N 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Chapter III – Trust Services;
-,,CA/Browser Forum – Network and Certificate System Security Requirements v1.7 (5 April 2021)
-,,PKIoverheid Programme of Requirements v4.12 part 3 - Basic Requirements, part 3 - Additional Requirements and the requirements from parts 3a and 3b.
Audit Period of Time:
1 April 2023 - 31 March 2024
Audit performed:
March 2024
Information and Contact:
BSI Group the Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL
|