Policies

Policies are important considerations for all types of trust service. They define the rules by which a trust service operates e.g. the legal, technical, operational, and business rules, whilst simultaneously acting as a reference against which services can be audited and certified, usually against industry standards.

​

As an example, trust services based on the issuance and management of digital certificates are normally described in a Certificate Policy (CP). This document defines the participants involved in the management and use of the trust service and the rules governing its operation. The underlying practices supporting the policy are described in a Certification Practice Statement (CPS).

 

For audits against industry standards, policy and practice statement documents are important as they describe to an auditor the rules governing a trust service, and what practices are in place to meet these rules. In may cases, the existence of service policy and practices documents are mandatory.

​

Other examples of where policy and practice documents may be required are trust services providing time stamping, electronic signature creation, electronic signature validation, electronic signature augmentation, and remote HSM management services.

​

Email us or use the contact form below to get further information on the use of trust service policies and practices, or to discuss your requirements in more detail.

​

​