On the request of QV Holdings Ltd. in Bermuda and DigiCert Europe Belgium B.V. in Belgium, formerly known as: QuoVadis Trustlink BVBA (hereafter referred to as: DigiCert), the certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The certification audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”) and are defined in DigiCert’s Statement of Applicability, dated 18 January 2024 and the Overview of Applicability, version 1.24.
The scope of the assessment comprises the following Trust Service Provider component services:
-,,Registration Service (*)
-,,Certificate Generation Service
-,,Dissemination Service (*)
-,,Revocation Management Service (*)
-,,Revocation Status Service
-,,Subject Device Provision Service (*)
The Trust Service Provider component services marked with (*) are provided by Belgian Mobile ID SA who is subject to conformity assessment by an accredited conformity assessment body. The Trust Service is provided under the final responsibility of DigiCert.
These TSP component services are being provided for the following qualified trust services as defined in Regulation (EU) 910/2014 (eIDAS):
-,,Issuance of qualified certificates for electronic signatures (qualified trust service), in accordance with the policy: QCP-n-qscd
The certificates are issued through the issuing Certification Authorities, as specified below:
Root CA: QuoVadis Root CA 1 G3
Sha256 Fingerprint:
8A866FD1B276B57E578E921C65828A2BED58E9F2F288054134B7F1F4BFC9CC74,,
-,,Issuing CA: itsme Sign Issuing CA G2x
Sha256 Fingerprint:
B965A4354E7E1FFEDD1F947F13B065819B3A53C6889DC643E1D0D4C514AB68AE
+,,eIDAS Qualified: Natural Person - QCSD (OID 0.4.0.194112.1.2), in accordance with policy QCP-n-qscd
-,,Issuing CA: itsme Sign Issuing CA G2
Sha256 Fingerprint:
0B7AF5EB38D90B83C893410EC6714601A4EF6EC5C32B9D1D9AD54FBD38E18AEA
+,,eIDAS Qualified: Natural Person - QCSD (OID 0.4.0.194112.1.2), in accordance with policy QCP-n-qscd
The TSP component services are documented in the following Certification Practice Statement(s):
-,,DigiCert Europe/QuoVadis CP/CPS, v5.1, 15 December 2023
-,,DigiCert Europe/QuoVadis PKI Disclosure Statement, v2.0, 22 November 2023
Our certification audit was performed in February 2024. The result of the audit is that we conclude, based on the objective evidence collected during the certification audit from 11 December 2022 through 10 December 2023, the areas assessed during the audit were generally found to be effective, based on the applicable requirements defined in DigiCert’s Statement of Applicability, dated 18 January 2024 and the Overview of Applicability, version 1.24.
Audit information:
Audit criteria:
-,,ETSI EN 319 401 v2.3.1 (2021-05) General Policy Requirements for Trust Service Providers
-,,ETSI EN 319 411-1 v1.3.1 (2021-05) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements, for the policy: NCP+
-,,ETSI EN 319 411-2 v2.4.1 (2021-11) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates; - Part 2: Requirements for trust service providers issuing EU qualified certificates, for the policy: QCP-n-qscd;
-,,Regulation (EU) N 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Chapter III – Trust Services.
Audit Period of Time:
11 December 2022 – 10 December 2023
Audit performed:
February 2024
Information and Contact:
BSI Group The Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL
|