Testing and certification bodies Recognition
Confirmation or testing and confirmation bodies have the task of verifying and confirming security concepts of certification service providers (testing and confirmation body) and confirming that the legal requirements for products for qualified electronic signatures are met (confirmation body).
The recognised bodies must carry out their tasks impartially, without instructions and conscientiously. Tests and confirmations carried out must be documented.
Upon request, both natural and legal persons can be recognised as a confirmatory or audit and confirmation body.
The application for recognition as a confirmation or examination and confirmation body can be submitted informally. It must contain the names and addresses of the applicant and his or her legal representatives.
After examination of the conditions, the competent authority may grant recognition as follows:
- Limited in content
- with conditions.
Who should I contact?
Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railways (short: Federal Network Agency)
A person who is suitable for the proper performance of the tasks incumbent on him on the basis of his personal characteristics, behavior and abilities is considered reliable.
- Independence Independent persons are those who are not subject to economic, financial or other pressures that may influence their judgement or jeopardise the impartial performance of their duties.
- Specialist knowledge The necessary specialist knowledge is possessed by those who, on the basis of their training, vocational training and practical experience, are suitable for the proper fulfilment of the tasks incumbent upon them.
- An accreditation of the applicant body according to DIN EN 45011 as a certification body for IT security according to ITSEC or CC or an accreditation as a testing body according to DIN EN ISO/IEC 17025 as a test laboratory for IT security with the licensing for tests according to ITSEC or CC by the Federal Office for Information Security (BSI).
- For recognition as a testing and confirmation body for safety concepts: Submission of a documented test and confirmation procedure for safety concepts
Which documents are required?
For the applicant and his or her legal representatives: current certificates of good conduct pursuant to Section 30 (5) of the Federal Central Register Act or documents of another Member State of the European Union or another State Party to the Agreement on the European Economic Area which have an equivalent function or which show that the requirement in question has been met,
- current extract from the commercial register or a comparable document or document from another Member State of the European Union or another State party to the Agreement on the European Economic Area which has an equivalent function or which shows that the relevant requirement has been met,
- proof of financial independence (in particular through minimum capital and comparable collateral),
- Proof of the necessary technical, administrative and legal expertise,
- Declaration of the legal activities of the Signature Act to which the application relates (confirmation body for products for qualified electronic signatures in accordance with § 17 (4) or § 15 (7) sentence 1 of the Signature Act and/or verification and confirmation body for security concepts in accordance with § 15 (2) of the Signature Act),
- Proof of sufficient experience in the application of the test criteria according to Annex 1 of the Signature Ordinance,
- if applicable, description of how the appropriate monitoring of the testing activity is ensured.
What are the fees?
The competent authority shall charge fees and expenses for the processing of the application, the amount of which shall be based on the time required.