Search Menu
Language Menu
Mobile Menu
Search
OGCIO
Home
Our Work
Strategies & Government IT InitiativesLegal Framework & Domain Name AdministrationCommunity Initiatives & IT ServicesBusiness & Industry DevelopmentIT Infrastructure & StandardsInformation & Cyber Security
Legal Framework & Domain Name Administration
Electronic Transactions Ordinance (Chapter 553)Domain Name Administration
Electronic Transactions Ordinance (Chapter 553)
Electronic Transactions Ordinance (Chapter 553)The OrdinanceVoluntary Certification Authority Recognition SchemeDigital Certificates for Electronic TransactionsLegislative Council PapersFrequently Asked QuestionsGlossaryUseful LinksContacts
Voluntary Certification Authority Recognition Scheme
IntroductionDisclosure Records of Recognized Certification AuthoritiesRecognition of Certification Authorities & CertificatesApplication for RecognitionApplication for Participation in Mutual Recognition of Electronic Signature CertificatesCode of Practice for Recognized Certification AuthoritiesList of recognized certificates available for subscriptions
Disclosure Records of Recognized Certification Authorities
Disclosure Record for the Postmaster GeneralDisclosure Record for Digi-Sign Certification Services LimitedDisclosure Record for Joint Electronic Teller Services LimitedDisclosure Record for HiTRUST.COM (HK) Incorporated Limited
Disclosure Record for the Postmaster General
< Back

Disclosure Records of Recognized Certification Authorities

Disclosure Record for the Postmaster General

(This is page 10 of the disclosure record for the Postmaster General maintained by the Government Chief Information Officer ("GCIO") under section 31(1) of the Electronic Transactions Ordinance (Cap. 553) ("Ordinance"). Click this link to go back to page 1 of the disclosure record.)

Assessment Report and Statutory Declaration in respect of the Outsourcing Arrangement for the Postmaster General's Certification Authority ("CA") Operation

Postmaster General planned to appoint E-Mice Solution (HK) Limited ("E-Mice") as its agent in carrying out operations and maintenance of the system and services of the Postmaster General's CA operation from 1 April 2007 to 31 March 2011. It is noted that the outsourcing arrangement of the Postmaster General's CA operation would involve changes to the current financial status, the liability arrangement and the relevant systems, procedures and security arrangement for the CA operation of the Postmaster General.

The GCIO considered that the changes as set out in the preceding paragraph as major changes. In this light, the GCIO had, by notice given to the Postmaster General, required the Postmaster General to furnish to the GCIO an assessment report and a statutory declaration pursuant to section 43A(1) of the Ordinance. In this connection, the Postmaster General arranged the preparation of an assessment report produced by an independent assessor as well as furnished a statutory declaration made by a responsible officer of the Postmaster General in respect of the outsourcing arrangement of the Postmaster General's CA operation.

In accordance with section 43A(3) of the Ordinance, the GCIO must publish in the disclosure record for the Postmaster General as a recognized certification authority the dates of and the material information in the assessment report and statutory declaration on the certification authority ("CA") services of the Postmaster General. Only those parts of the report and statutory declaration containing material information are herewith published.

The Postmaster General is hereinafter referred to as the "Hongkong Post CA".

Assessment Report

A. Date of the Report

  • The date of the report is 9 March 2007.

B. Material Information

  1. Recognized CA Practices

  1. Apart from the matters noted in paragraph 8 below, in the assessor's opinion, in all material respects:
    1. the management assertions in respect of Hongkong Post CA's compliance with the sections of the Code of Practice (Note 1) set out in Part 3A of Appendix 3 to Practice Note 870 (Note 2) as a result of the significant change on 1 April 2007 as of the date of assessment 6 March 2007, are reasonable. In particular, Hongkong Post CA is capable of:
      1. disclosing its business practices in its CPSs (Note 3) in accordance with the provisions of the Ordinance applicable to a RCA (Note 4) and the Code of Practice and providing its services in accordance with its disclosed business practices;
      2. reasonably complying with the requirements in respect of the use of a trustworthy system to support its operations in accordance with section 37 of the Ordinance and the Code of Practice; and
      3. reasonably complying with the requirements in respect of recognition of its certificates in accordance with the provisions of the Ordinance applicable to a RCA and the Code of Practice;
    2. no information came to the attention of the assessor during the course of the assessment that would indicate that the management assertions, in respect of Hongkong Post CA's capability to comply with the sections of the Code of Practice set out in Part 3B of Appendix 3 to Practice Note 870 as a result of the significant change on 1 April 2007 as of the date of assessment 6 March 2007, are not reasonable; and
    3. based on the conclusions drawn in paragraphs (a) and (b) above in respect of Hongkong Post CA's capability to comply with the provisions of the Ordinance applicable to a RCA as a result of the significant change on 1 April 2007 as of the date of assessment 6 March 2007, the management assertions, in respect of Hongkong Post CA's capability to comply with the provisions of the Ordinance applicable to a RCA as a result of the significant change on 1 April 2007, are reasonable.

    Financial projections

  2. In the assessor's opinion, in all material respects, the accounting policies upon which Hongkong Post CA's cashflow projections for the two 6-month period intervals from 1 April 2007 to 30 September 2007 and from 1 October 2007 to 31 March 2008, financial position forecasts as at 30 September 2007 and as at 31 March 2008, and projection of operating costs for the period from 1 April 2007 to 30 June 2007, in respect of the RCA's operations relevant under the Ordinance are based, are consistent with those normally adopted by Hongkong Post CA and conform with generally accepted accounting principles adopted in Hong Kong, and the financial projections have been properly compiled on the basis of the assumptions made by the management of Hongkong Post CA.
  3. It has been ascertained from Hongkong Post CA that the amount of net current assets (i.e. current assets less current liabilities) as shown in the unaudited management accounts of Hongkong Post CA as at 31 March 2007 was a negative number (i.e. a net current liability).
  4. Net current assets are negative but the projected operating costs are nil. However, the Postmaster General has confirmed that it will provide continued financial support to enable Hongkong Post CA to meet its liabilities as and when they fall due.
  5. The assessor has not carried out any verification work on the unaudited financial forecasts of Hongkong Post CA for the year ending 31 March 2007.

Potential liabilities

  1. Due to the nature of the industry in which Hongkong Post CA operates, there is uncertainty in determining Hongkong Post CA's potential liabilities given the limited history of past claims (both in Hong Kong and other parts of the world for risks of this nature).
  2. In the assessor's opinion, in all material respects, the management assertions that Hongkong Post CA and E-Mice will implement and maintain appropriate procedures to determine and manage Hongkong Post CA's potential liabilities in relation to the issuance of certificates are reasonable.

Matters Arising

  1.   Matters Arising Response of Hongkong Post CA
    i. Given the fact that certain specific procedures and controls (e.g. updating of access control lists, change of user ID, passwords and PINs, disconnection of the RCA centre network from the Government Network, etc.) designed to ensure compliance with the Ordinance and Code of Practice would be implemented between 6 March 2007 (i.e. the completion date of the assessor's assessment work) and the tentative implementation date of 1 April 2007 for the significant change, as a result the assessor were unable to ascertain if such planned procedures and controls would be effectively implemented on or before 1 April 2007. Despite the above, the assessor noted that E-Mice has put in place an implementation plan for these procedures and controls which the assessor understand will be implemented before 1 April 2007.
         		 Except some adjustment to the effect of E-Mice's take-over, the Hongkong Post CA operation process covered by the Certification Practice Statement will remain unchanged when E-Mice takes over the Hongkong Post CA operation on 1 April 2007. The outsourcing arrangements have been under the monitoring of a Management Committee.

    The controls and procedures would be implemented by E-Mice for its take-over of the Hongkong Post CA operations on 1 April 2007.
     

Statutory Declaration

A. Date of the Declaration

  • The date of the declaration is 15 March 2007.

B. Material Information

  • Having regard to the outsourcing arrangement of the operation of Hongkong Post CA which will occur on 1 April 2007, a responsible officer of Hongkong Post CA declares that Postmaster General as a RCA is capable of complying with the provisions of the Code of Practice which have been set out under paragraph 2 of Appendix 2 of the Code of Practice.

Notes

  1. Code of Practice for Recognized Certification Authorities issued by the GCIO under section 33 of the Ordinance.
  2. Practice Note 870 "The Assessment of Certification Authorities under the Electronic Transactions Ordinance" issued by the Hong Kong Institute of Certified Public Accountants.
  3. Certification practice statements.
  4. Recognized certification authority.
  5. The responses to the matters arising as reported by Hongkong Post CA and the notes in the above paragraphs are disclosed in accordance with section 31(2) of the Ordinance.
Related LinksDomain Name Administration
Previous ArticleOGCIO: Disclosure Record for the Postmaster General - P.9
Next ArticleOGCIO: Disclosure Record for the Postmaster General - P.11
The Best is Yet to Come - Innovation and Technology
The 2024-25 Budget
The Chief Executive’s 2023 Policy Address
Facilitating of the Cross-boundary Data Flow within the Greater Bay Area
Exhibition of the 3rd Anniversary of Hong Kong National Security Law
You can stop corruption. Report Now!
ICT Outreach Programme for the Elderly
MSW Charging
Let Social Enterprises Bloom!
Legislative Control of Cannabidiol (CBD)
National Security Education Day
“Maker in China” SME Innovation and Entrepreneurship Global Contest - Hong Kong Chapter)
Electronic Health Record Sharing System (eHealth)
Improve Electoral System Ensure Patriots Administering Hong Kong
Support Clean Elections
iAM Smart Safe and Swift
CSDI website
Safeguarding National Security
Multi-functional Smart Lampposts
Fact Sheet : Office of the Government Chief Information Officer
ICT Event Calendar
Smart Government Innovation Lab
talent.gov.hk
New Patent System
Prohibition on Face Covering Regulation
Elderly IT Learning Portal
Hong Kong Legal Hub
Guangdong-Hong Kong-Macao Greater Bay Area
Cybersec Infohub
Corruption Prevention Advisory Service
Approved Fund-raising Activities
Cyber Security Information Portal
Hong Kong's Legal Services
IT Career Role Models Platform
Hong Kong Smart City Blueprint Portal
Web Accessibility Campaign - Making Web Content Available for All
Mutual Recognition of Electronic Signature Certificates issued by Hong Kong and Guangdong
The InfoCloud portal
Marketing Consultancy Office (Rehabilitation)
Developing Datacentre in Hong Kong
Wi-Fi․HK
GovHK Website
Government Computer Emergency Response Team Hong Kong (GovCERT․HK)
DATA․GOV․HK
CCLI Webste
CEPA
Hong Kong/Guangdong Expert Group on Co-operation in Informatisation
Hong Kong ICT Awards
INFO SEC
Student IT Corner
PreviousNext