Search Menu
Language Menu
Mobile Menu
Search
OGCIO
Home
Our Work
Strategies & Government IT InitiativesLegal Framework & Domain Name AdministrationCommunity Initiatives & IT ServicesBusiness & Industry DevelopmentIT Infrastructure & StandardsInformation & Cyber Security
Legal Framework & Domain Name Administration
Electronic Transactions Ordinance (Chapter 553)Domain Name Administration
Electronic Transactions Ordinance (Chapter 553)
Electronic Transactions Ordinance (Chapter 553)The OrdinanceVoluntary Certification Authority Recognition SchemeDigital Certificates for Electronic TransactionsLegislative Council PapersFrequently Asked QuestionsGlossaryUseful LinksContacts
Voluntary Certification Authority Recognition Scheme
IntroductionDisclosure Records of Recognized Certification AuthoritiesRecognition of Certification Authorities & CertificatesApplication for RecognitionApplication for Participation in Mutual Recognition of Electronic Signature CertificatesCode of Practice for Recognized Certification AuthoritiesList of recognized certificates available for subscriptions
Disclosure Records of Recognized Certification Authorities
Disclosure Record for the Postmaster GeneralDisclosure Record for Digi-Sign Certification Services LimitedDisclosure Record for Joint Electronic Teller Services LimitedDisclosure Record for HiTRUST.COM (HK) Incorporated Limited
Disclosure Record for Digi-Sign Certification Services Limited
< Back

Disclosure Records of Recognized Certification Authorities

Disclosure Record for Digi-Sign Certification Services Limited

(This is page 14 of the disclosure record for Digi-Sign Certification Services Limited ("Digi-Sign") maintained by the Government Chief Information Officer ("GCIO") under section 31(1) of the Electronic Transactions Ordinance (Cap. 553) ("Ordinance"). Click this link to go back to page 1 of the disclosure record.)

Assessment Report and Statutory Declaration in respect of the Technical CA System Upgrade

Digi-Sign planned to upgrade its technical certification authority ("CA") system, which is part of the trustworthy system, to support Digi-Sign's recognized CA operation. The components of the recognized CA system to be upgraded include a) the CA application software including the database software, b) the operating system of the CA servers and c) the hardware security module.

The GCIO considered the changes as set out in the preceding paragraph as major changes. In this light, the GCIO had, by notice given to Digi-Sign, required Digi-Sign to furnish to the GCIO an assessment report and a statutory declaration pursuant to section 43A(1) of the Ordinance. In this connection, Digi-Sign arranged the preparation of an assessment report produced by an independent assessor as well as furnished a statutory declaration made by a responsible officer of Digi-Sign in respect of the technical CA system upgrade.

In accordance with section 43A(3) of the Ordinance, the GCIO must publish in the disclosure record for Digi-Sign as a recognized CA the dates of and the material information in the assessment report and statutory declaration on the CA services of Digi-Sign. Only those parts of the report and statutory declaration containing material information are herewith published.

Assessment Report

(A)  Date of the Report

  • The date of the report is 28 November 2006.

(B)  Material Information

  • Recognized CA Practices
  • In the assessor's opinion, having regard to Digi-Sign's plan to upgrade its technical CA system, in all material respects,

  1. the management assertions in respect of Digi-Sign's capability to comply with the sections of the Code of Practice (see Note 1) set out in Appendix II (see Note 2) of the assessment report as at the date of assessment, 28 November 2006, are reasonable. In particular, Digi-Sign is capable of:

    1. disclosing its business practices in its CPS (see Note 3) in accordance with the Ordinance and the Code of Practice and providing its services in accordance with its disclosed business practices;

    2. complying with the requirements in respect of the use of a trustworthy system to support its operations in accordance with section 37 of the Ordinance and the Code of Practice; and

    3. complying with the requirements in respect of recognition of its certificates in accordance with sections 36, 37, 39, 40 and 45(1) of the Ordinance and the Code of Practice;

  2. no information came to the attention of the assessor during the course of the assessment that would indicate that the management assertions in respect of Digi-Sign's capability to comply with the sections of the Code of Practice set out in Appendix III (see Note 4) of the assessment report as at the date of assessment, 28 November 2006, are not reasonable; and

  3. based on the conclusions drawn in paragraphs (a) and (b) above, the management assertions in respect of Digi-Sign's capability to comply with the provisions of the Ordinance applicable to a recognized CA are reasonable.

(C)  Additional Material Information Provided by the Assessor

  • The assessor confirmed that the assessment has covered the provisions of the Ordinance and of the Code of Practice which have not been explicitly mentioned in paragraph B above (i.e. section 46 of the Ordinance as well as paragraphs 5.2 and 5.3 of the Code of Practice). Furthermore, the assessor has also confirmed that, after reviewing these provisions, they considered that these provisions would not cause any impact to the conclusions in the assessment report.

 

Statutory Declaration

(A)  Date of the Declaration

  • The date of the declaration is 27 November 2006.

(B)  Material Information

  • Having regard to Digi-Sign's plan to upgrade its technical CA system, a responsible officer of Digi-Sign verily believed that Digi-Sign was capable of complying with the provisions of the Ordinance and the Code of Practice as specified in paragraph 2 of Annex II of the GCIO notice (see Note 5).

Notes

  1. Code of Practice for Recognized Certification Authorities published by the GCIO under section 33 of the Ordinance.

  2. The Appendix II of the assessment report is extracted as follows: 

    Relevant Provisions of the Code of Practice

    1. General Responsibilities of a Recognized CA:
      Paragraphs 3.2 and 3.5.

    2. Certification Practice Statement:
      Paragraphs 4.1, 4.2, 4.6, 4.12 and 4.13.

    3. Trustworthy System:
      Paragraphs 5.1, 5.6, 5.7, 5.9, 5.10, 5.12 to 5.15 inclusive and 5.19 to 5.21 inclusive.

    4. Certificates and Recognized Certificates:
      Paragraphs 6.4, 6.5, 6.7, 6.10, 6.11, 6.13, 6.14, 6.16, 6.17, 6.19 and 6.21 to 6.23 inclusive.

    5. Repositories:
      Paragraphs 9.1, 9.3 and 9.5.

    6. Disclosure of Information:
      Paragraph 10.1.

    7. All paragraphs in Appendix 1 of the Code of Practice.

  3. Certification practice statement.

  4. The Appendix III of the assessment report is extracted as follows: 

    Relevant Provisions of the Code of Practice

    1. General Responsibilities of a Recognized CA:
      Paragraphs 3.3 and 3.6.

    2. Trustworthy System:
      Paragraphs 5.11, 5.16 and 5.17.

    3. Repositories:
      Paragraphs 9.2 and 9.4.

    4. Disclosure of Information:
      Paragraph 10.6.

    5. Adoption of Standards and Technology:
      Paragraph 14.1.

  5. Paragraph 2 of Annex II of the GCIO notice is reproduced below for reference: 

    2 For the purpose of section 43A(1)(d)(i) of the Ordinance
    2.1 A responsible officer of Digi-Sign Certification Services Limited ("Digi-Sign") shall make a statutory declaration which states that, having regard to the major changes that will occur, Digi-Sign is capable of complying with the following provisions of the Ordinance.

    1. Part VII - Recognition of CAs and Certificates by GCIO:
      Section 21(4)(e).
    2.2 A responsible officer of Digi-Sign shall make a statutory declaration which states that, having regard to the major changes that will occur, Digi-Sign is capable of complying with the following provisions of the Code of Practice.

    1. General Responsibilities of a Recognized CA:
      Paragraphs 3.7 and 3.9.

    2. Trustworthy System:
      Paragraph 5.18.

    3. Disclosure of Information:
      Paragraphs 10.7 to 10.9 inclusive.

    4. Consumer Protection:
      Paragraph 16.1.

  6. The notes in the above paragraphs are disclosed in accordance with section 31(2) of the Ordinance.

Related LinksDomain Name Administration
Previous ArticleOGCIO: Disclosure Record for Digi-Sign - P.13
Next ArticleOGCIO: Disclosure Record for Digi-Sign - P.15
The Best is Yet to Come - Innovation and Technology
The 2024-25 Budget
The Chief Executive’s 2023 Policy Address
Facilitating of the Cross-boundary Data Flow within the Greater Bay Area
Exhibition of the 3rd Anniversary of Hong Kong National Security Law
You can stop corruption. Report Now!
ICT Outreach Programme for the Elderly
MSW Charging
Let Social Enterprises Bloom!
Legislative Control of Cannabidiol (CBD)
National Security Education Day
“Maker in China” SME Innovation and Entrepreneurship Global Contest - Hong Kong Chapter)
Electronic Health Record Sharing System (eHealth)
Improve Electoral System Ensure Patriots Administering Hong Kong
Support Clean Elections
iAM Smart Safe and Swift
CSDI website
Safeguarding National Security
Multi-functional Smart Lampposts
Fact Sheet : Office of the Government Chief Information Officer
ICT Event Calendar
Smart Government Innovation Lab
talent.gov.hk
New Patent System
Prohibition on Face Covering Regulation
Elderly IT Learning Portal
Hong Kong Legal Hub
Guangdong-Hong Kong-Macao Greater Bay Area
Cybersec Infohub
Corruption Prevention Advisory Service
Approved Fund-raising Activities
Cyber Security Information Portal
Hong Kong's Legal Services
IT Career Role Models Platform
Hong Kong Smart City Blueprint Portal
Web Accessibility Campaign - Making Web Content Available for All
Mutual Recognition of Electronic Signature Certificates issued by Hong Kong and Guangdong
The InfoCloud portal
Marketing Consultancy Office (Rehabilitation)
Developing Datacentre in Hong Kong
Wi-Fi․HK
GovHK Website
Government Computer Emergency Response Team Hong Kong (GovCERT․HK)
DATA․GOV․HK
CCLI Webste
CEPA
Hong Kong/Guangdong Expert Group on Co-operation in Informatisation
Hong Kong ICT Awards
INFO SEC
Student IT Corner
PreviousNext