Disclosure Records of Recognized Certification Authorities
Disclosure Record for Digi-Sign Certification Services Limited
(This is page 10 of the disclosure record for Digi-Sign Certification Services Limited ("Digi-Sign") maintained by the Government Chief Information Officer ("GCIO") under section 31(1) of the Electronic Transactions Ordinance (Cap. 553) ("Ordinance"). Click this link to go back to page 1 of the disclosure record.)
Assessment Reports and Statutory Declarations in respect of Relocation of Office
Digi-Sign planned to relocate its office on 17 September 2005. The relocation of the office would involve a) setting up of the secure areas, networks, access control system, etc, in the new office, and b) moving of computer, workstations, equipment, etc, to the new office.
The GCIO considered that the changes as set out in the preceding paragraph as major changes. In this light, the GCIO had, by notice given to Digi-Sign, required Digi-Sign to furnish to the GCIO two sets of assessment report and statutory declaration pursuant to section 43A(1) of the Ordinance. In this connection, Digi-Sign arranged the preparation of two assessment reports produced by an independent assessor as well as furnished two statutory declarations made by a responsible officer of Digi-Sign in respect of the relocation of office. The first set of assessment report and statutory declaration was furnished before the relocation of the office, while the second set of assessment report and statutory declaration was furnished after the relocation of the office.
In accordance with section 43A(3) of the Ordinance, the GCIO must publish in the disclosure record for Digi-Sign as a recognized certification authority ("CA") the dates of and the material information in the assessment reports and statutory declarations on the CA services of Digi-Sign. Only those parts of the reports and statutory declarations containing material information are herewith published.
(I) 1st Set of Assessment Report and Statutory Declaration
Assessment Report
(A) Date of the Report
- The date of the report is 17 August 2005.
(B) Material Information
- In the assessor's opinion, having regard to the planned relocation of Digi-Sign's office, Digi-Sign was capable of complying with the provisions of the Ordinance and the Code of Practice, as specified in paragraph 1 of Annex II of the GCIO notice (see Note).
Statutory Declaration
(A) Date of the Declaration
- The date of the declaration is 17 August 2005.
(B) Material Information
- Having regard to Digi-Sign's planned relocation of its office, a responsible officer of Digi-Sign verily believed that Digi-Sign was capable of complying with the provisions of the Ordinance and the Code of Practice, as specified in paragraph 2 of Annex II of the GCIO notice (see Note).
(II) 2nd Set of Assessment Report and Statutory Declaration
Assessment Report
(A) Date of the Report
- The date of the report is 26 September 2005.
(B) Material Information
- In the assessor's opinion, having regard to the relocation of Digi-Sign's office that has occurred, Digi-Sign was and was capable of complying with the provisions of the Ordinance and the Code of Practice, as specified in paragraph 1 of Annex II of the GCIO notice (see Note).
Statutory Declaration
(A) Date of the Declaration
- The date of the declaration is 26 September 2005.
(B) Material Information
- Having regard to Digi-Sign's relocation of its office that has occurred, a responsible officer of Digi-Sign verily believed that Digi-Sign was and was capable of complying with the provisions of the Ordinance and the Code of Practice, as specified in paragraph 2 of Annex II of the GCIO notice (see Note).
Note
Annex II of the GCIO notice is reproduced below for reference:
and of the Code of Practice for Purposes of Sections 43A(1)(c)(i) and (d)(i)
of the Ordinance in relation to Relocation of Office
of Digi-Sign Certification Services Limited ("Digi-Sign")
1 For purposes of section 43A(1)(c)(i) of the Electronic Transactions Ordinance (Cap. 553) ("Ordinance")
1.1 The following provisions of the Ordinance shall come within the scope of assessment to be performed by a qualified person approved by the Government Chief Information Officer ("GCIO").
| (a) | Part VII - Recognition of CAs and certificates by GCIO: Sections 21(4)(b) and (c). |
| (b) | Part X - General Provisions as to Recognized CAs: Sections 36, 37, 39, 44 and 45(1). |
| (c) | Part XI - Provisions as to secrecy, disclosure and offences: Sections 46, 47 and 48. |
1.2 The following provisions of the Code of Practice for Recognized Certification Authorities ("Code of Practice") shall come within the scope of the assessment.
| (a) | General Responsibilities of a Recognized CA: Paragraphs 3.2, 3.3, 3.5, 3.6 and 3.8. |
| (b) | Certification Practice Statement: Paragraphs 4.1, 4.2, 4.6, and 4.8 to 4.13 inclusive. |
| (c) | Trustworthy System: Paragraphs 5.1 to 5.3 inclusive, 5.6 to 5.17 inclusive and 5.19 to 5.21 inclusive. |
| (d) | Certificates and recognized certificates: Paragraphs 6.4, 6.5, 6.7, 6.10, 6.11, 6.13, 6.14, 6.16, 6.17 and 6.19 to 6.23 inclusive. |
| (e) | Verification of subscriber's identity: Paragraph 7.2. |
| (f) | Reliance limit and liability cover: Paragraphs 8.2 to 8.4 inclusive. |
| (g) | Repositories: Paragraphs 9.1 to 9.5 inclusive. |
| (h) | Disclosure of information: Paragraphs 10.1, 10.2 and 10.4 to 10.6 inclusive. |
| (i) | Adoption of standards and technology: Paragraph 14.1. |
2 For purposes of sections 43A(1)(d)(i) of the Ordinance
2.1 The following provision of the Ordinance shall be dealt with by means of a statutory declaration to be made by a responsible officer of Digi-Sign.
| (a) | Part VII - Recognition of CAs and certificates by GCIO: Section 21(4)(e). |
2.2 The following provisions of the Code of Practice shall be dealt with by means of a statutory declaration to be made by a responsible officer of Digi-Sign.
| (a) | General Responsibilities of a Recognized CA: Paragraphs 3.7 and 3.9. |
| (b) | Trustworthy System: Paragraph 5.18. |
| (c) | Disclosure of information: Paragraphs 10.7 to 10.9 inclusive. |
| (d) | Consumer protection: Paragraph 16.1. |
