Certifications

Digidentity is certified against the requirements of the following standards, schemes and regulations:

  • ISO/IEC 27001:2013 – Information Security Management System


    Digidentity implemented and maintains an Information Security Management System (ISMS) which is certified against the ISO/IEC 27001:2013 standard. The ISMS of Digidentity provides policies and procedures to maintain a high level of information security to protect our systems and customer data.

    The ISMS manages security controls for logical and physical access, network security, human resource security, business continuity and disaster recovery, incident management and compliance.

    Digidentity obtained certification in 2012 and is audited annually on compliance with ISO/IEC 27001:2013 by BSI Group Netherlands (certificate ISC066).

  • ISO/IEC 27701:2019 – Privacy Information Management System


    Digidentity maintains a Privacy Information Management System (PIMS) which is certified against the ISO/IEC 27701:2019 standard for privacy management. We meet the requirements regarding responsibility and accountability for processing Personal Data.

    With ISO/IEC 27701:2019 certification, Digidentity can demonstrate to customers and stakeholders that effective measures are in place to support compliance with GDPR and other related privacy legislation.

    Digidentity obtained certification in 2021 and is audited annually on compliance with ISO/IEC 27701:2019 by BSI Group Netherlands (certificate PM 753107).

  • ISO/IEC 27017:2015 – Cloud Security


    Digidentity implemented information security controls compliant with ISO/IEC 27017:2015 applicable to the provision and use of cloud services. The security controls cover responsibilities such as protection of virtual environments, virtual machine hardening and configuration, maintenance procedures, logging and monitoring.

    Digidentity's attestation to the ISO/IEC 27017:2015 guidance demonstrates our ongoing commitment to align with international standards and confirms that we have controls in place that are specific to cloud services.

    Digidentity obtained certification in 2021 and is audited annually on compliance with ISO/IEC 27017:2015 by BSI Group Netherlands (certificate CLOUD 753108).

  • ISO/IEC 27018:2019 – Securing Personal Data in the Cloud


    Digidentity implemented information security controls to secure processing of personal data in the cloud compliant with ISO/IEC 27018:2019. With our ISO/IEC 27018:2019 certification, Digidentity established a baseline of security for all our services that process data in the cloud. The security measures implemented reduce security risks related to processing personal data in the cloud.

    The security controls cover responsibilities such as protection of personal data in virtual environments, legal requirements of processing personal data, maintenance procedures, logging and monitoring.

    Digidentity's certification to ISO/IEC 27018:2019 proves our commitment to comply with GDPR (Regulation (EU) 2016/679) and other data protection laws and regulations.

    Digidentity obtained certification in 2021 and is audited annually on compliance with ISO/IEC 27018:2019 by BSI Group Netherlands (certificate PII 753109).

  • ETSI EN 319 401 - General Policy Requirements for Trust Service Providers


    Digidentity is compliant with ETSI EN 319 401 defining the general requirements for Trust Service Providers.

    The ETSI EN 319 401 standard specifies baseline policy requirements on the operation and management practices of Trust Service Providers. The general requirements cover controls for access management, network security, incident management, business continuity management and compliance.

    Digidentity obtained the separate certificate for ETSI EN 319 401 in 2021; before that, the certification had been included in the ETSI 319 411 certification since 2011.

    Digidentity is audited annually on compliance with ETSI EN 319 401 by BSI Group Netherlands (certificate ETS 076).

  • ETSI EN 319 411-1 - Policy & Security requirements for TSP issuing public key certificates


    Digidentity is certified against ETSI EN 319 411-1 defining the requirements for the issuance of public key certificates. Digidentity issues public key certificates for authentication, encryption, and non-repudiation as well as server certificates for authentication and encryption.

    The ETSI EN 319 411-1 standard defines requirements for certificate life cycle (registration, issuance, revocation), security controls and compliance.

    Digidentity obtained the certification in 2015 and is audited annually on compliance with ETSI EN 319 411-1 by BSI Group Netherlands (certificate ETS 043).

  • ETSI EN 319 411-2 - Policy & Security requirements for TSP issuing EU qualified certificates


    Digidentity is certified against ETSI EN 319 411-2 defining the requirements for the issuance of qualified certificates for electronic signatures. Digidentity issues qualified certificates for electronic signatures for personal and business use (eSGN Qualified) and electronic Seals for organisations (eSGN Seal).

    The ETSI EN 319 411-2 standard defines requirements for certificate life cycle (registration, issuance, revocation), security controls and compliance.

    Digidentity obtained the certification in 2011 and is audited annually on compliance with ETSI EN 319 411-2 by BSI Group Netherlands (certificate ETS 015).

  • EU Regulation 910/2014 (eIDAS) on electronic identification and trust services for electronic transactions


    Digidentity is certified against EU Regulation 910/2014 (eIDAS). eIDAS provides requirements for advanced and qualified electronic signatures, electronic Seals and electronic identification.

    Digidentity issues qualified certificates for qualified electronic signatures for personal and business use (eSGN Qualified) and electronic Seals for organisations (eSGN Seal). Digidentity is a Qualified Trust Services Provider (QTSP) as defined in eIDAS. Digidentity is included on the EU Trust List for Trust Service Providers for issuance of EU qualified electronic certificates. Digidentity issues digital identities for eHerkenning (eID) which is eIDAS notified in Europe.

    Digidentity obtained the certification in 2016 and is audited annually on compliance with eIDAS by BSI Group Netherlands as part of the ETSI audit (certificate ETS 015). Digidentity is also inspected annually by the Dutch Supervisory Body - Agentschap Telecom on compliance with eIDAS for both Trust Services and eID.

  • Privacy Verified - protection and processing of personal data in accordance with GDPR


    Digidentity is compliant with the requirements in EU Regulation 679/2016 (GDPR) for protection of personal data.

    Digidentity safeguards the privacy of our customers. Digidentity complies with the GDPR requirements: it performs Data Protection Impact Analysis (DPIA), keeps a record of processing activities, has agreed Processor Agreements, a data breach response plan and an information security policy, and is transparent on the processing of personal data.

    Digidentity obtained the certification in 2021 and is audited annually on compliance with GDPR by Privacy Verified/ICT Recht (certificate).

  • tScheme – Requirements for Trust Service Providers in the UK


    Digidentity is certified against the tScheme requirements for GOV.UK Verify.

    tScheme is the self-regulatory body for electronic trust service approval in the UK. The GOV.UK Verify service of the Government Digital Service (GDS) relies on Trust Service Providers (TSP) to confirm the identity of an individual.

    Digidentity uses a set of rules specified by the UK Government for the issuance of a digital identity. Digidentity is approved under the ‘Verify Scheme’. The scheme defines the range of activities Digidentity must carry out and criteria Digidentity must meet and includes acquiring tScheme approval for delivering services.

    tScheme aims to improve levels of trust in digital economies. Digidentity is an Identity Service Provider for GOV.UK Verify and has achieved the tScheme Approved Service certification against the requirements defined in the Operations Manual, GPG44 and GPG45.

    Digidentity is audited annually on compliance with the tScheme requirements by Lloyd’s Register from the UK.
