Disclosure Records of Recognized Certification Authorities

Disclosure Record for Digi-Sign Certification Services Limited

(This is page 9 of the disclosure record for Digi-Sign Certification Services Limited ("Digi-Sign") maintained by the Government Chief Information Officer ("GCIO") under section 31(1) of the Electronic Transactions Ordinance (Cap. 553) ("Ordinance"). Click this link to go back to page 1 of the disclosure record.)

Assessment Report and Statutory Declaration (1 June 2004 - 31 May 2005)

Digi-Sign furnished an assessment report and a statutory declaration to the GCIO. The GCIO published the respective dates of the assessment report and the statutory declaration and the material information in the assessment report and the statutory declaration in the following paragraphs of the certification authority disclosure record for Digi-Sign in accordance with section 43(3) of the Ordinance.

Assessment Report

A.  Date of the Report

• The date of the report is 10 June 2005.

B.  Material Information

1. The assessment report was prepared by the assessor for the period between 1 June 2004 and 31 May 2005.

   Recognized CA Practices

2. In the assessor's opinion, in all material respects,

   1. the management assertions in respect of Digi-Sign's compliance with the sections of the Code of Practice (see Note 1) set out in Appendix IV (see Note 2) of the assessment report for the period from 1 June 2004 to 31 May 2005 are reasonable. In particular, Digi-Sign has:

      1. disclosed its business practices in its CPS(s) (see Note 3) in accordance with the Ordinance and the Code of Practice and provided its services in accordance with its disclosed business practices;
      2. complied with the requirements in respect of the use of a trustworthy system to support its operations in accordance with section 37 of the Ordinance and the Code of Practice; and
      3. complied with the requirements in respect of recognition of its certificates in accordance with sections 36, 39, 40, 44 and 45(1) of the Ordinance and the Code of Practice;
   2. no information came to the attention of the assessor during the course of the assessment that would indicate that the management assertions in respect of Digi-Sign's compliance with the sections of the Code of Practice set out in Appendix V (see Note 4) of the assessment report for the period from 1 June 2004 to 31 May 2005 are not reasonable; and
   3. based on the conclusions drawn in paragraphs (a) and (b) above, the management assertions in respect of Digi-Sign's compliance with the provisions of the Ordinance applicable to a recognized CA for the period from 1 June 2004 to 31 May 2005 are reasonable.

   Financial projections

3. In the assessor's opinion, in all material respects, the accounting policies upon which Digi-Sign's projected cashflow statement and projected balance sheets for the period from 1 May 2005 to 30 April 2006, and projection of operating costs for the next 90 days from 1 May 2005, in respect of the CA's operations relevant under the Ordinance are based, are consistent with those normally adopted by Digi-Sign and conform with generally accepted accounting principles adopted in Hong Kong, and the financial projections have been properly compiled on the basis of the assumptions made by management of Digi-Sign.
4. It has been ascertained from Digi-Sign that the amount of net current assets (i.e. current assets less current liabilities) as shown in the unaudited management accounts of Digi-Sign for the period ended 30 April 2005 was in a positive net current assets position. The amount of net current assets as shown in the unaudited management accounts of Digi-Sign for the period ended 30 April 2005 exceeds the 90-day projection of operating costs from 1 May 2005.

5. The assessor has not carried out any verification work on the unaudited management accounts of Digi-Sign for the period ended 30 April 2005.

   Potential liabilities

6. In the assessor's opinion, in all material respects, the management assertions that Digi-Sign has implemented and maintained appropriate procedures to determine and manage its potential liabilities in relation to the issue of certificates are reasonable.

C.  Additional Material Information Provided by the Assessor

• The assessor confirmed that the assessment has covered all the provisions of the Ordinance and of the Code of Practice as specified in paragraph 1 of Appendix 2 of the Code of Practice. Furthermore, the assessor has examined the provisions of the Ordinance and of the Code of Practice which have not been explicitly mentioned in the assessment report and maintained the conclusion in the assessment report.

Statutory Declaration

A.  Date of the Declaration

• The date of the report is 7 June 2005.

B.  Material Information

• A responsible officer of Digi-Sign declares that Digi-Sign has, from 1 June 2004 until 31 May 2005, complied with the provisions of the Ordinance and the provisions of the Code of Practice which have been set out under paragraph 2 of Appendix 2 of the Code of Practice.

Notes

1. Code of Practice for Recognized Certification Authorities published by the GCIO under section 33 of the Ordinance.
2. The Appendix IV of the assessment report is extracted as follows:

   Relevant Provisions of the Code of Practice General Responsibilities of a Recognized CA: Paragraphs 3.1, 3.2, 3.4, 3.5 and 3.8 Certificate Practice Statement: Paragraphs 4.1 to 4.6, 4.8 to 4.10 and 4.12 to 4.13 Trustworthy System: Paragraphs 5.1, 5.6, 5.7, 5.9, 5.10, 5.12 to 5.15, 5.19 to 5.21 Certificates and Recognized Certificates: Paragraphs 6.1 to 6.8, 6.10 to 6.23 Verification of Subscriber's Identity: Paragraphs 7.1 and 7.2 Reliance Limit and Liability Cover: Paragraphs 8.1 and 8.2 Repositories: Paragraphs 9.1, 9.3 and 9.5 Disclosure of Information: Paragraphs 10.1 to 10.3 Termination of Service: Paragraphs 11.1 to 11.4 Assessment of Compliance with the Ordinance and this Code of Practice: Paragraph 12.1 Inter-operability: Paragraph 15.2 Appendix 1 - Standards and Procedures regarding the Contents of Certification Practice Statements: All sections in Appendix 1 of this Code of Practice

3. Certification practice statement.
4. The Appendix V of the assessment report is extracted as follows:

   Relevant Provisions of the Code of Practice General Responsibilities of a Recognized CA: Paragraphs 3.3 and 3.6 Trustworthy System: Paragraphs 5.11, 5.16 and 5.17 Reliance Limit and Liability Cover: Paragraphs 8.3 and 8.4 Repositories: Paragraphs 9.2 and 9.4 Disclosure of Information: Paragraphs 10.4 to 10.6 Termination of Service: Paragraph 11.5 Declaration of Compliance with the Ordinance and this Code of Practice: Paragraph 13.1 Adoption of Standards and Technology: Paragraph 14.1 Inter-operability: Paragraph 15.1

5. The footnotes in the above paragraphs are disclosed in accordance with section 31(2) of the Ordinance.