What certifications are those that legalize these communications?
Public and private key cryptography (RSA) is used to verify integrity.
.
Recognized electronic signature certificates and secure signature creation devices are used to provide authenticity.
.
Time stamps from recognized authorities and synchronized with the official time are used to securely date.
.
The massive registration and long-term signature of all associated traces and events is carried out (eg the moment in which the signature request is delivered, the device or browser model from which it is signed, the moment in which it is accessed reading the document, the time it takes to read, etc.)
.
There is the intervention of experts and public notaries, who generate expert evidence on the system and periodically test the system
SENDING
ACKNOWLEDGMENT OF RECEIPT
OPENING
ACCEPTED OR REJECTED
CONTENT
At any time an event occurs, a corresponding certification is generated for each of them, which is sent to all participants:
What is a Trusted Service Provider and what guarantees does it offer on the evidentiary effectiveness?
Regulation (EU) No. 910/2014 of the European Parliament and of the Council of July 23, 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93 / CE establishes that there are two types of trust service provider, qualified and unqualified.
The definitions of article 3 applied in the Regulation regarding service providers are the following:
-
"Trust service" means the electronic service usually provided in exchange for remuneration, consisting of:
-
the creation, verification and validation of electronic signatures, electronic stamps or electronic time stamps, certified electronic delivery services and certificates relating to these services, or
-
the creation, verification and validation of certificates for website authentication, or
-
the preservation of electronic signatures, seals or certificates related to these services;
-
-
'Qualified trust service' means a trust service that meets the applicable requirements set out in this Regulation;
-
"Trust service provider" means a natural or legal person that provides one or more trust services, either as a qualified provider or as an unqualified trust service provider.
-
"Qualified trust service provider" means a trust service provider that provides one or more qualified trust services and has been qualified by the supervisory body.
Evicertia is a qualified provider of trust services as stated on the official page of QUALIFIED TRUSTED ELECTRONIC SERVICE PROVIDERS of the Ministry of Economic Affairs and Digital Transformation.
Notwithstanding this, in relation to the regulations of countries outside the scope of the European Union, Evicertia complies with the requirements established to be able to act as such. Although there are different regulations on security mechanisms as well as standards and regulations related to the treatment of electronic evidence, there is no specific framework for the accreditation of a Trust Service Provider outside of the aforementioned scope of the European Union, so the evidential effectiveness The declaration of a Trust Service Provider depends on the guarantees it offers.
In addition to this, Evicertia is not only a service platform that offers the exchange of secure communications but also offers certain guarantees in order to be able to use the evidence judicially.
To increase the evidentiary effectiveness of this statement , Evicertia has CISA certified auditors (internationally recognized computer auditor), experts specialized in computer security and electronic evidence, who in case of contesting the evidence, can make an expert report on request and testify in a judgment. In addition, it has the collaboration of notaries, public notaries who have the probative force of public faith, and who can prove in a notarial act that at a certain moment, a certain content was in the system and that this content comes from a system that mediates in communications and leaves evidence on them in a neutral way. Finally, different advanced and specific security mechanisms are used for electronic evidence, as well as independent and redundant expert methods, guaranteeing on each transaction:
-
Integrity of the contents and data of the transaction
-
Authenticity of origin and / or destination
-
Dated related events
-
One-to-one universal localization
-
Long term availability
What certifications has Evicertia ?
Evicertia, is made up of professional experts in computer security and accredited auditors. We have the following certifications:
Certified Information Systems Auditor ( CISA ) is a certification for auditors endorsed by the Information Systems Audit and Control Association (ISACA - Information Systems Audit and Control Association).
Candidates must meet the requirements established by ISACA
.
Certified Information Security Management ( CISM ) is a certification for information security administrators endorsed by the Information Systems Audit and Control Association (ISACA). It is focused on management and has been obtained by seven thousand people since its introduction in 2004. Unlike other security certifications, CISM defines the main standards of professional competencies and development that an information security director must possess, competencies necessary to direct, design, review and advise an information security program.
.
Certified Information Systems Security Professional ( CISSP ) is a high-level professional certification granted by the ( ISC2 - International Information Systems Security Certification Consortium, Inc), with the aim of helping companies to recognize professionals with training in the area of security of the information. CISSP is considered one of the most representative credentials in the field of computer security worldwide. As of May 2006, there were 38,384 CISSPs registered in the world.
.
Certified Internal Auditor ( CIA ) is the only globally accepted certification for internal auditors and provides the standard by which professionals demonstrate their skills and competencies in the field of internal auditing. Those who are certified as internal auditors will acquire the experience, information and business tools that they can apply in any organization or business environment.
.
ISO / IEC 27001 is a standard for information security (Information technology - Security techniques - Information security management systems - Requirements) approved and published as an international standard in October 2005 by the International Organization for Standardization and by the International Electrotechnical Commission . It specifies the necessary requirements to establish, implement, maintain and improve an information security management system (ISMS) according to what is known as the “ Deming Cycle”: PDCA - acronym for Plan, Do, Check, Act. , Check, Act).
