Disclosure Records of Recognized Certification Authorities
Disclosure Record for Digi-Sign Certification Services Limited
(This is page 5 of the disclosure record for Digi-Sign Certification Services Limited ("Digi-Sign") maintained by the Government Chief Information Officer under section 31(1) of the Electronic Transactions Ordinance (Cap. 553) ("Ordinance"). Click this link to go back to page 1 of the disclosure record.)
Assessment Report in respect of Proposed Enhanced Operations at Remote Locations
In early July 2003, Digi-Sign proposed to introduce changes in relevant systems and procedures to its registration authority operations to enable the on-line loading of ID-Cert and private key onto diskettes at certain locations outside Digi-Sign's premises ("Proposed Enhanced Operations"). In accordance with section 5.6 of the Code of Practice for Recognized Certification Authorities ("Code of Practice"), Digi-Sign had arranged the preparation of an assessment report by an independent assessor in respect of the Proposed Enhanced Operations.
Extracts from the aforesaid assessment report are herewith published pursuant to section 31(2) of the Ordinance.
A. Date of the Report
- The date of the report is 17 July 2003.
B. Material Information
- The objective of the assessment is to enable the assessor to draw conclusion for the purposes of section 5.6 of the Code of Practice as to whether, in all material respects, Digi-Sign will be capable of complying with the provisions of the Ordinance and the Code of Practice following the implementation of the Proposed Enhanced Operations.
- In the assessor's opinion, in all material respects,
- the management assertions related to the Proposed Enhanced Operations in respect of Digi-Sign's capability to comply with the sections of the Code of Practice set out in Part A of Appendix 3 to Practice Note 870 (Note 1) as at the date of assessment, 17 July 2003, are reasonable. In particular, Digi-Sign is capable of:
- disclosing its business practices in its CPS (Note 2) in accordance with the Ordinance and the Code of Practice and providing its services in accordance with its disclosed business practices;
- complying with the requirements in respect of the use of a trustworthy system to support its operations in accordance with section 37 of the Ordinance and the Code of Practice; and
- complying with the requirements in respect of recognition of its certificates in accordance with sections 36, 38, 39 and 40 of the Ordinance and the Code of Practice;
- no information came to the assessor's attention during the course of the assessment that would indicate that the management assertions related to the Proposed Enhanced Operations in respect of Digi-Sign's capability to comply with the sections of the Code of Practice set out in Part B of Appendix 3 to Practice Note 870 as at the date of assessment, 17 July 2003, are not reasonable; and
- based on the conclusions drawn in (a) and (b) above, in all material respects, the management assertions in respect of Digi-Sign's capability to comply with the provisions of the Ordinance applicable to a recognized CA following the implementation of the Proposed Enhanced Operations are reasonable.
- the management assertions related to the Proposed Enhanced Operations in respect of Digi-Sign's capability to comply with the sections of the Code of Practice set out in Part A of Appendix 3 to Practice Note 870 (Note 1) as at the date of assessment, 17 July 2003, are reasonable. In particular, Digi-Sign is capable of:
Notes
- Practice Note 870 "The Assessment of Certification Authorities under the Electronic Transactions Ordinance" issued by the then Hong Kong Society of Accountants.
- Certification practice statement.
