FNMT-RCM quality is assured
In its activity as a Provider of Certification Services the FNMT-RCM has adopted the measures necessary to guarantee the maximum quality and security of electronic certificates, just as it has been doing for more than a century with all of its other products:
- The FNMT is the first provider of certification services that has obtained accreditation for its quality management system in accordance with ISO standard 9001:2000, accorded by AENOR and IQNET for the design, development and provision of certification services with respect to electronic signatures, trusted third party services, time stamping authority and attribute certification authority.
- Likewise the FNMT-RCM has gained international recognition for its certification practices by becoming certified in keeping with the European standard "ETSI 101 456 ? Policy Requirements for Certification Authorities issuing Qualified Certificates". During this accreditation process its systems were also audited in accordance with the standard "CWA 14167-1 Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures - Part 1: System Security Requirements" with very positive results.
- In addition, the FNMT-RCM-CERES keeps its good practices and its Internet code of conduct accredited through the Internet Quality Agency. The IQUA seal of quality is a guarantee of the quality level of the website and is obtained based on the sectorial codes of conduct drawn up by members belonging to IQUA, and the websites are audited to guarantee observance of the behavioral standards approved by the respective sector.
- The FNMT is currently working on an ambitious project to obtain the Information Systems Security Certification in compliance with ISO 17799, the standard that regulates security management systems. This work is being developed jointly with external auditors and will be finalized shortly.
These accreditations necessitate the following:
- That the CERES certification practices for issuing qualified certificates are in compliance with community law and, since Spanish law is derived from EC standards, that to a large extent they comply with Electronic Signature Law 59/2003.
- That the individual user certificates have a profile that complies with the requirements established for the qualified certificate profile. That is to say, that it complies with Annex I of the electronic signature directive 1999/93/CE, with the characteristics set out in Law 59/2003 for qualified certificates and with the European standard "ETSI 101 862. Qualified certificate profile".
- That the policies and practices of CERES for issuing qualified certificates comply with the requirements for service providers who issue qualified certificate established in Annex II of the electronic directive 1999/93/CE, those established in the Electronic Signature Law 59/2003 and of course those described in the European standard "ETSI 101 456: Certification policy requirements of certification authorities who issue qualified certificates.
- That the electronic signatures implemented by the individual user certificates issued by FNMT Class 2 CA, within a secure signature creation device, are qualified electronic signatures and as such they have the same legal validity as the handwritten signature.