Disclosure Records of Recognized Certification Authorities

Disclosure Record for Digi-Sign Certification Services Limited

(This is page 37 of the disclosure record for Digi-Sign Certification Services Limited (Digi-Sign) maintained by the Government Chief Information Officer (GCIO) under section 31(1) of the Electronic Transactions Ordinance (Cap. 553) (ETO).Click this link to go back to page 1 of the disclosure record.)

Assessment Report and Statutory Declaration (1 June 2022 – 31 May 2023)

In accordance with section 43(3) of the ETO, the GCIO must publish in the disclosure record for Digi-Sign as a recognized certification authority the dates of and the material information in the assessment report and statutory declaration on the certification authority (CA) services of Digi-Sign. Only those parts of the report and statutory declaration containing material information are herewith published.

Assessment Report

(A) Date of the Report

The date of the report is 10 June 2023.

(B) Material Information

1. The assessment report was prepared by the assessor for the period between 1 June 2022 and 31 May 2023.

Recognized CA practices

2. In the assessor's opinion, in all material respects,
   
   1. the management assertions in respect of Digi-Sign's compliance with the sections of the ETO and the Code of Practice (see Note 1) set out in Appendix 5 (see Note 2) of the assessment report for the period from 1 June 2022 to 31 May 2023 are reasonable. In particular, Digi-Sign has:
      
      1. disclosed its business practices in its Certification Practice Statement(s) in accordance with the ETO and the Code of Practice and provided its services in accordance with its disclosed business practices;
      2. complied with the requirements in respect of the use of a trustworthy system to support its operations in accordance with section 37 of the ETO and the Code of Practice; and
      3. complied with the requirements in respect of recognition of its certificates in accordance with sections 36, 39, 40, 42(1) and (2), 44 and 45(1) of the ETO and the Code of Practice;
   2. no information came to the assessor's attention during the course of the assessment that would indicate that the management assertions in respect of Digi-Sign's compliance with the sections of the Code of Practice set out in Appendix 6 (see Note 3) of the assessment report for the period from 1 June 2022 to 31 May 2023 are not reasonable;
   3. the management assertions in respect of Digi-Sign's compliance with all the provisions of the Certificate Policy for Mutual Recognition of Electronic Signature Certificates Issued by Hong Kong and Guangdong ("MRCP") are reasonable; and
   4. based on the conclusions drawn in paragraphs (a), (b) and (c) above, the management assertions in respect of Digi-Sign's compliance with the provisions of the ETO applicable to a recognized CA, the Code of Practice and all the provisions of the MRCP for the period from 1 June 2022 to 31 May 2023 are reasonable.

Financial projections

3. In the assessor's opinion, in all material respects, the accounting policies upon which Digi-Sign's cashflow projections and financial position forecasts for the period from 1 May 2023 to 30 April 2024, and projection of operating costs for the period from 1 May 2023 to 31 July 2023, in respect of the CA's operations relevant under the ETO are based, are consistent with those normally adopted by Digi-Sign and conform with generally accepted accounting principles adopted in Hong Kong, and the financial projections have been properly compiled on the basis of the assumptions made by management of Digi-Sign.
4. It has been ascertained from Digi-Sign that the amount of net current assets (i.e. current assets less current liabilities) as shown in the unaudited management accounts of Digi-Sign for the month ended 30 April 2023 was in a positive position and exceeds the 90-day projection of operating costs from 1 May 2023.
5. The assessor has not carried out any verification work on the unaudited management accounts of Digi-Sign for the month ended 30 April 2023.

Potential liabilities

6. In the assessor's opinion, in all material respects, the management assertions that Digi-Sign has implemented and maintained appropriate procedures to determine and manage its potential liabilities in relation to the issue of certificates are reasonable.

(C) Additional Material Information Provided by the Assessor

The assessor confirmed that sections 46, 47 and 48 of the ETO as well as paragraphs 4.11, 5.2, 5.3, 5.8, 6.9, 10.7, 10.8 and 10.9 of the Code of Practice have been covered in the scope of the assessment. The assessor considered that the management assertions in respect of Digi-Sign's compliance with the provisions of the ETO and of the Code of Practice as specified under paragraph 1 of Appendix 2 of the COP, which cover the said provisions, are reasonable.

Statutory Declaration

(A) Date of the Statutory Declaration

The date of the declaration is 8 June 2023.

(B) Material Information

A responsible officer of Digi-Sign declares that Digi-Sign has, from 1 June 2022 until 31 May 2023, complied with the provisions of the ETO and the provisions of the Code of Practice which have been set out under paragraph 2 of Appendix 2 of the Code of Practice.

Notes

1. Version 3.1 of the Code of Practice for Recognized Certification Authorities issued under section 33 of the ETO.
2. The Appendix 5 of the assessment report is extracted as follows:

3. The Appendix 6 of the assessment report is extracted as follows:

4. The information of this disclosure record is disclosed in accordance with section 31(2) of the ETO.