Recognition of testing and confirmation bodies

Confirmation bodies or testing and confirmation bodies have the task of checking and confirming security concepts of certification service providers (testing and confirmation body) and confirming that the legal requirements for products for qualified electronic signatures are met (confirmation body).

The recognized bodies must perform their tasks impartially, free of instructions and conscientiously. Tests and confirmations that have been carried out must be documented.

Upon application, both natural persons and legal entities can be recognized as confirmation or testing and confirmation bodies.

Requirements

A person is deemed to be reliable if, on the basis of his or her personal qualities, conduct and abilities, he or she is suitable for the proper performance of the duties incumbent upon him or her.

• Independence: A person is deemed independent if he or she is not subject to any economic, financial or other pressure that could influence his or her judgment or jeopardize the impartial performance of his or her duties.
• Expertise: The necessary expertise is possessed by those who, on the basis of their training, professional education and practical experience, are suitable for the proper performance of the tasks incumbent upon them.
• Accreditation of the applicant body in accordance with DIN EN 45011 as a certification body for IT security in accordance with ITSEC or CC or accreditation as a testing body in accordance with DIN EN ISO/IEC 17025 as a testing laboratory for IT security with licensing for testing in accordance with ITSEC or CC by the Federal Office for Information Security (BSI).
• For recognition as a testing and confirmation body for security concepts: Submission of a documented testing and confirmation procedure for security concepts.