This report provides an overview of the dedicated means of auditing for TSPs. It discusses specifically the following areas: standards applicable to TSPs and Conformity Assessment Bodies (auditors), methodology of auditing TSPs (off- and on-site), TSPs documentation (plans, policies and procedures) and implementation of TSPs services. This set of good practices can be used as reference for both, Trust Service Providers (preparing for audits), and Conformity Assessment Bodies (performing audits), in the field of external audits (internal assessments are part of company’s risk management procedures, therefore this topic is not covered here). It focuses on measures that can be taken at organizational level, drawing to norms and standards for technical details.
April 02, 2015
Iñigo Barreira, Izenpe, Arno Fiedler, Nimbus Technologieberatung GmbH, Artur Miękina, Polish Security Printing Works, Clemens Wanko, TUV Informationstechnik GmbH, Sławomir Górniak, ENISA