Section 28
Part 6 — Information Security Service Providers
Conduct of the information security service provider
An information security service provider shall —
act in accordance with the representations it makes with respect to its policies and practices;
exercise reasonable care to ensure the accuracy and completeness of all material representations made by it —
that are relevant to the certificate throughout its life cycle; or
which are included in the certificate;
provide reasonably accessible means which enable a person who relies on the certificate to ascertain from the certificate —
the identity of the information security service provider;
that the person who is identified in the certificate had control of the signature device at the time of signing;
that the signature device was operational on or before the date when the certificate was issued;
provide reasonably accessible means which enable a person who relies on the certificate to ascertain, where relevant, from the certificate or otherwise —
the method used to identify the signature device holder;
any limitation on the purpose or value for which the signature device or the certificate may be used;
that the signature device is operational and has not been compromised;
any limitation on the scope or extent of liability stipulated by the information security service provider;
whether means exist for the signature device holder to give notice that a signature device has been compromised; and
whether a timely revocation service is offered;
provide a means for a signature device holder to give notice that a signature device has been compromised and ensure the availability of a timely revocation service; and
utilise trustworthy systems, procedures and human resources in performing its services.
An information security service provider shall be liable for its failure to satisfy the requirements of subsection (1).
Defined Terms
trustworthy systems
signature device
certificate