ING PUBLIC KEY INFRASTRUCTURE CODE OF CONDUCT FOR EMPLOYEE CERTIFICATES. Version November ING PKI Service

Transcription

1 ING PUBLIC KEY INFRASTRUCTURE CODE OF CONDUCT FOR EMPLOYEE CERTIFICATES Version November 2015 ING PKI Service

2 Information sheet Commissioned by Additional copies ING PKI Policy Approval Authority (PAA) of this document can be found at the ING PKI Intranet site: or requested at: ING PKI Service Centre PO Box BV Amsterdam the Netherlands E mail: pki@ing.com Document version control Date Version Changes All ING PKI documents can be found at: Documents relevant to non-ing are also available via the ING PKI Internet: Minor changes Bringing inline with other PKI Service Center documents Important Notice Abstract Audience References The information contained in this document is for internal purposes only and should not be made available to any person outside ING Group. 2015, ING Groep N.V.. All rights reserved. This Code of Conduct for the ING PKI Employee Certificates contains End-User specific rules with regard to being the Certificate Subject and user of a Certificate issued by the ING PKI Employee Certification Authority (CA), in accordance with the applicable ING PKI Certification Practice Statement (CPS) and ING PKI Employee Certificate Policy. The information contained in this document is intended for all End-Users of Certificates issued by the ING PKI Employee CA. In this Code of Conduct the term Employee represents any person working for ING, both internal employees (directly being paid by ING) and contractors, hired via any external party. ING PKI Certification Practice Statement ING PKI Employee Certificate Policy ING PKI Service Centre Code of Conduct for Employee Certificates, v 5.4 November 2015 Page 2 of 6

3 Contents 1 Code of Conduct for Employee Certificates Applicability Eligibility Use of Certificates Related Documents Document Hierarchy End-User Obligations Additional Responsibilities Intellectual Property Enforcement of this Code Applicability of other Codes 6 ING PKI Service Centre Code of Conduct for Employee Certificates, v 5.4, November 2015 Page 3 of 6

4 1 Code of Conduct for Employee Certificates 1.1 Applicability Eligibility Use of Certificates 1.2 Related Documents Document Hierarchy This Code of Conduct for ING PKI Employee Certificates (hereafter to be referred to as the Code ) is binding on each End-User that applies for and/or obtains Certificates issued by the ING PKI Employee CA. All services of the ING PKI Employee CA are supplied by ING Bank NV. Only Employees of ING are eligible to obtain and use Certificates issued by the ING PKI Employee CA. Employee Certificates issued within the ING PKI are not to be used in connection with any Communication other that those with other ING Employees, ING Partners or ING Customers and their representatives. Distribution of an Employee Certificate will in itself not create any power to represent ING for the End-User and should not be used to create the appearance of authority on behalf of ING by the End-User. End-Users will not use such Employee Certificates for private Communication of whatever nature. The ING PKI Glossary, the Certificate Policy (CP) Employee CA, the ING PKI Certification Practice Statement (CPS) and the ING PKI Privacy Statement form an integral part of this Code. ING Bank NV may from time to time amend this Code and the respective documents in accordance with the change procedure as described in the ING PKI CPS. In the event of any inconsistency between the aforementioned documents, the following order of precedence shall be observed: 1. ING PKI Code of Conduct for Employee Certificates 2. ING PKI Glossary 3. ING PKI Employee Certificate Policy 4. ING PKI Certification Practice Statement 5. ING PKI Privacy Statement ING PKI Service Centre Code of Conduct for Employee Certificates, v 5.4, November 2015 Page 4 of 6

5 1.3 End-User Obligations Additional Responsibilities Each End-User associated with a Certificate issued by an ING PKI Employee CA shall: a. Comply with applicable obligations, procedures and controls in the ING PKI Employee Certificate Policy and the ING PKI Certification Practice Statement; b. Use the Certificate only insofar it is valid and not revoked to his/her knowledge; c. Immediately report to the End-Users Certification Authority in case of any compromise or loss of a Private Key, or when there is any reason to suspect compromise or loss thereof; d. Immediately report to the End-Users Certification Authority in case of any change to the information included in the Certificate request or in the Certificate; e. Use the Certificates, the Activation Data, the Key Pairs, and the Software Tokens in a normal, responsible and trustworthy manner, taking into account the interest of ING and, f. Withhold of any activities which may endanger or undermine the trustworthiness or continuity of the ING PKI environment, the ING Group and/or the ING entity he/she is employed with. Each End-User shall be exclusively responsible for monitoring, investigating or confirming the accuracy of the information submitted to the ING PKI Employee CA as well as the Certificate contents after acceptance has taken place. The Certificate, the Activation Data, and the Private Key, or any software related thereto, are restricted only to be used by the End-User. He/she shall not lease, copy, sell, assign (sub)license, grant any limited rights on, nor make available to any third party the Certificate, the Activation Data, or the Private Key. As a consequence of the PKI mechanism, the Public Part of the Certificate will be made public automatically. ING PKI Service Centre Code of Conduct for Employee Certificates, v 5.4, November 2015 Page 5 of 6

6 1.3.2 Intellectual Property 1.4 Enforcement of this Code Applicability of other Codes As far as ING Bank NV provides the End-User with software and/or database licenses from third parties, the license conditions and guarantees of that third party will apply and the End-User shall act accordingly. The End-User shall follow all reasonable instructions given by ING Bank NV with regard to the use of the Intellectual Property Rights applicable to the Certificate, the Activation Data, and the Private Key, or any related software. Breach of this code will result in measures by management of the End-user. Such measures will be based on the employment contract or similar contractual relationship between the End-user and ING and could ultimately result in termination of the employment agreement or similar contractual relationship, notwithstanding any other legal measures ING could take under applicable law. End-Users are legally bound to the rules and regulations as stated in the ING Business Principles and any other local ING General Code of Conduct if available PKI Service Center ING Bank N.V. ING PKI Service Centre Code of Conduct for Employee Certificates, v 5.4, August 2015 Page 6 of 6