TRUSTIS FPS. Enrolment Requirements: Acceptable Evidence in Support of an Application for a Digital Certificate

Similar documents
Confirming your identity

Proving your identity and ownership of a property

Confirming your identity

BCS, Professional Certifications

Redirection Of Domestic Mail

Online Disclosure & Barring Service (DBS) Application System

Q&A Gone Away Tracing

CHECKER GUIDE TO THE ONLINE DBS APPLICATION SYSTEM

GDPR/Data Protection Act 1998 Subject Access Request Application

Application for access to your personal data held by the Aster Group as data controllers

ECA Trusted Agent Handbook

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Subject access policy and template response letters

Online CRB Disclosure Application System

AccessNI Guidance Notes

GUIDE TO OPEN A JOINT PARTNER ACCOUNT

HBW LAW LTD T/A HESELTINE BRAY & WELSH

Elders Estates Privacy Notice

REAL RENTS PROPERTY MANAGEMENT LTD PRIVACY NOTICE

Online CRB Disclosure Application System

Applicant Manager Guidance Notes

In this policy, whenever you see the words we, us, our, it refers to Ashby Concert Band Registered Charity Number

Verifying your identity Anti-Money Laundering

Data Protection - Subject Request Form

What to do when someone passes away

Current Account Application form for Non-UK EU residents

Community Business Boost Programme Personal Statement

APPROVAL PROCESS TO BE FOLLOWED FOR PROVISIONAL ACCREDITATION OF CBs UNDER FM CERTIFICATION SCHEME

Special requirements for CITSS users who have been approved by other jurisdictions and are representing a participant in Nova Scotia

What you ll need to sign up to a PayPal Charity or Not-for-profit account. Click the button that applies to you

E-Bulk Guide for Applicants

Recognition as an Account Agent (User Registration) in the Compliance Instrument Tracking System Service (CITSS)

dataedge CA Certificate Issuance Policy

Disclosure & Barring Service (DBS) Online Application System

Update business details for business accounts

SAFE-BioPharma RAS Privacy Policy

Administration of PEFC scheme

Registration and Authentication

STEMNET Registered Body Online Disclosure System Guidance Notes for STEM Ambassador Applicants - October

S90. SEMOpx Transitional Registration Guide DO NOT SEND BACK. Date: 17/05/2017 Document; Revision: 1.2

Enhanced DBS (ebulkplus) Applicant (Colleague) Guidance Notes Locums - England & Wales:

DOCUMENT UPLOADS. NOTE: If you already have a pending filing created, select the Edit with the pending filing. Figure 1: Create New Filing

DBS Online Disclosure Guide (e-bulk) Applicant Guidance Notes - Standard/Enhanced

Disclosure & Barring Service (DBS) Online Application System

Privacy Information - Privacy and Cookies Policy In Full

Qualifications Network

S00. SEMOpx - Registration Guide DO NOT SEND BACK. Date: 17/05/2017 Document; Revision: 1.2

BISHOP GROSSETESTE UNIVERSITY. Document Administration. This policy applies to staff, students, and relevant data subjects

Completion Certificate Application Form (Overseas Law Graduates and Practitioners) [Effective 16 April 2018]

BOROUGH MARKET (SOUTHWARK) TRUST DATA SUBJECT REQUEST FORM

ACCOUNT OPENING MANUAL

[Utility Name] Identity Theft Prevention Program

Request to Access Personal Information

Robin Hood Energy Feed-In Tariff Application Form

Application for Access to your Personal Information held by the Bermuda POLICE Service (BPS)

Employee Screening Questionnaire

Emsi Privacy Shield Policy

Application for access to your personal data held by the City of London Police (CoLP)

Privacy Shield Policy

You can contact us about any questions, comments or requests you may have regarding this privacy policy using the details below:

Comprehensive Application Form

Identity Theft Prevention Program. Effective beginning August 1, 2009

Law Enforcement Recommended RAA Amendments and ICANN Due Diligence Detailed Version

SWAMID Person-Proofed Multi-Factor Profile

BUSINESS NAME REGISTRATION INCLUDING A GUIDE TO ONLINE FILING INFORMATION LEAFLET NO. 14 / SEPTEMBER Information Leaflet No.

(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and

Data Subject Data Portability Request Form

PTSPAS Product Assessment HAPAS Equivalent in accordance with MCHW SHW Volume 1 Clause and

TouchPoint, Inc. Subject Access Request Form

OTC Direct Limited Customer account application / amendment form

Data Subject Access Request Form

Our Commitment to Personal Privacy

Employment Ontario Information System (EOIS) Case Management System

TATA CONSULTANCY SERVICES LIMITED CERTIFYING AUTHORITY REQUEST FORM FOR CLASS-2 CERTIFICATE FOR FOREIGN DIRECTORS.

Candidate Handbook Certified Commissioning Firm (CCF) Program

ISSUING and REVOCATION OF CERTIFICATES RTO - 34

REPOSITORY ACCOUNT OPENING MANUAL

Application for access to your personal data held by the City of London Police (The City of London Police)

Plus500UK Limited. Website and Platform Privacy Policy

Robin Hood Energy Feed-in Tariff Application Form

1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests.

Application for anonymous registration. How do I register as an anonymous elector? Returning the form. More information

Important Information

Candidate Manual Certified Commissioning Firm (CCF) Program

Our Privacy Policy gives you detailed information on when and why we collect your personal information, how we use it and how we keep it secure.

IDENTITY ASSURANCE PRINCIPLES

One Sector Community Limited ACN ( OSC ) Privacy Policy

Kenex (Electro-Medical) Limited. Privacy Statement. Kenex (Electro-Medical) Limited (Kenex) have been in business for over 40 years and have

The information we collect

1. The application should be sponsored by two existing members of ICAM (proposer and seconder).

TSW FACT SHEET: REGISTERING TO USE TSW

What information is collected from you and how it is used

My Account. User Guide. Issue 01 Date HUAWEI TECHNOLOGIES CO., LTD.

PROFESSIONAL REGULATORY BOARD OF ACCOUNTANCY ACCREDITATION:

PRIVACY NOTICE. Who we are:

The Open Group Certification for People. Training Course Accreditation Requirements

Do not place any stamps or stickers on the form, (e.g. those featuring addresses). Do not write over the edges of the boxes.

Guide to Applications for Certificates of Free Sale for Medical Devices

APM Accreditation for training providers Application Guidance Notes

Summary of Updates CPS Revision 7 (Amendment from CPS Revision 6) 15 June 2018

Transcription:

TRUSTIS FPS Enrolment Requirements: Acceptable Evidence in Support of an Application for a Digital Certificate Important Notice: The information here is guidance on the minimum requirements of Enrolment for Trustis FPS Services. It does not substitute or replace the Certificate Policy under which digital certificates are issued by this Issuing Authority. You must read the Certificate Policy which ultimately controls the provision of digital certification services, before you apply for a certificate. Applicants for digital certificates must have their identities authenticated and their eligibility to hold a certificate validated before any certificate can be issued. This is vital if a certificate that is intended to be used to subsequently authenticate online identities, or to sign communications, transactions and documents, is to be trusted as really belonging to the person or organisation indicated in the certificate. Trustis FPS issues certificates to a number of levels of assurance and authentication. In all cases certificates issued shall fulfil the Standards of HMG Assurance Framework, specifically: HMG Minimum Requirements for the Verification of the Identity of Individuals V2 HMG Minimum Requirements for the Verification of the Identity of Organisations V2 at level two. Alternatives that demonstrate at lease these levels of assurance and verification may be permitted by the Policy Authority. Verification of Individuals or organisations, or in some cases both is enforced as applicable, are dependent upon the use of the certificates issued and the content of the certificate. Additionally, where specific authoritative information is to be included in certificates this will also be subject to verification. The following tables outline the requirements for evidence that may be supplied in support of an application. Note that a formal documented existing relationship with the RA may be used in lieu of / with other evidence if the RA already has strong confidence in the identity of the registrant organisation. Underlying identification checks must have been previously performed and it is essential to ensure that information used is up-to-date. Copyright Trustis Limited 2010. All Rights Reserved 1

Type of Applicant An Organisation, for whom a certificate is being requested (commonly required to be able to support the enrolment of devices or applications acting on behalf of the organisation, for example webservers). An Organisation Representative, acting on behalf of an organisation requires both the Organisation and the Organisation Representative to have their identities authenticated. Type of Evidence Required Organisational acceptable evidence Either Pre-vetted applicant acceptable evidence or General person acceptable evidence Plus: organisational acceptable evidence evidence of affiliation to the organisation evidence of authority to act on behalf of the organisation verification of the representative through "back contact" with the organisation Pre-vetted individuals, e.g.: Pre-vetted applicant acceptable evidence staff of the Registration Authority's organisation other classes of individuals, specially selected by the Registration Authority (and approved by the Issuing Authority), with whom the Registration Authority has an existing documented relationship and already has evidence of their identity and eligibility to hold a certificate. Other individuals, (without the benefit of such a close relationship supported by existing evidence of identity and eligibility to hold a certificate). General person acceptable evidence In each case and for each certificate applicant, the Registrar may: Take further steps to confirm the identity and eligibility of the intended subscriber. This may include the use of independent confirmation with other parties. Approve the certificate request if the Registrar is sufficiently satisfied of the identity and eligibility of the intended certificate holder (Subscriber). In this case, prior to approving the certificate request, the Registrar may: o further restrict or enhance the capabilities to be supported by the certificate (e.g. validity period, key usage, etc.) provided that the governing Certificate Policy is not contravened Copyright Trustis Limited 2010. All Rights Reserved 2

o correct any subscriber information to be contained within the certificate that is inaccurate o add any subscriber information that may be required to avoid naming conflicts o remove any subscriber information that is not required to be published in the certificate o indicate whether the location from which the issued certificate may be securely obtained, is to be provided directly to the intended subscriber or to the Registrar for further management of the delivery to the intended subscriber Defer the certificate request, pending further investigation of the identity and eligibility of the intended subscriber Reject the request General Person Acceptable Evidence This section defines the corroborating evidence that may be used to support an application for a digital certificate by general persons who have not been pre-vetted by either the Registration Authority or the Issuing Authority. Such corroboration is required to support confidence in the authentication of the identity of the person applying for a certificate, as well as to establish eligibility to hold such a certificate. Original documents (or certified copies) must be provided for verification, in addition to a photocopy of each document which may be retained by the authenticating body. At least one (1) document must verify both the applicant s current name and address as detailed on the registration form. Where copies of documentary evidence are supplied, these may be certified by a lawyer, banker or other regulated professional person. In general, the following pieces of evidence are required (consistent with HMG's Minimum Requirements for the Remote Verification of the Identity of Individuals - Level 2): Explanatory Notes: Numbers indicate how many items of evidence are required in each category 1+ denotes a higher level of detail must be provided that is capable of being corroborated by third parties Type of Evidence Personal Statement Identity Evidence Active in Community Third Party Corroboration 1 2 2 Allowable Permutations 1 1 2 1 1 2 1 1 1+ 3 Copyright Trustis Limited 2010. All Rights Reserved 3

Examples of the evidence that may be used are as follows: Personal Statement Evidence May consist of a form to be filled out electronically and must include: Full Name Date of Birth Address (plus position, department and organisation if applied for as a representative of an organisation) additional information that can be used in cross checks with other information sources, as deemed appropriate to improving confidence in the applicant's identity Copyright Trustis Limited 2010. All Rights Reserved 4

Identity Evidence Signed passport Residence permit issued by Home Office to EU Nationals on sight of own country passport UK photocard driving licence Full UK driving licence (old version) Benefit book or card or original notification letter from the Department for Work & Pensions confirming the right to benefit Building industry sub-contractor's certificate issued by the Inland Revenue Recent Inland Revenue tax notification Firearms certificate Old style provisional driving licences are not acceptable Issued no more than four (4) months before Birth certificate Adoption certificate Marriage certificate Divorce or annulment papers Application Registration Card (ARC) issued to people seeking asylum in the UK (or previously issued standard acknowledgement letters, SAL1 or SAL2 forms) GV3 form issued to people who want to travel in the UK but do not have a valid travel document Home Office letter IS KOS EX or KOS EX2 Police registration document HM Forces Identity Card. Copyright Trustis Limited 2010. All Rights Reserved 5

Active in Community Evidence Record of home visit Confirmation from an Electoral Register search that a person of that name lives at that address Recent original utility bill or certificate from a utility company confirming the arrangement to pay for the services at a fixed address on prepayment terms Local authority tax bill UK photo card driving licence Full UK driving licence (old version) Bank, building society or credit union statement or passbook containing current address Recent original mortgage statement from a recognised lender Local council rent card or tenancy agreement Benefit book or card or original notification letter from the Department for Work & Pensions confirming the rights to benefit Court order Issued no more than four (4) months before Most recent Issued no more than four (4) months before (note that mobile telephone bills are not to be accepted as they can be sent to different addresses and bills printed from the internet should not be accepted as their integrity cannot be guaranteed) Valid for current year Allowable if not used for evidence of name Allowable if not used for evidence of name Old style provisional driving licences are not acceptable Must be an active account Issued no more than four (4) months before Issued no more than four (4) months before Copyright Trustis Limited 2010. All Rights Reserved 6

Third Party Corroboration Evidence - Electronic Sources Electoral Register Credit reference/rating agencies (e.g. Credit Industry Fraud Avoidance System; Dun and Bradstreet Ltd; Equifax Europe Ltd; Experian Ltd; MCL Ltd.) Public records such as County Court Judgements or bankruptcies Electronic postal address file Postal redirect file Third Party Corroboration Evidence - Non-Electronic Sources Government Departments and Agencies (e.g. Public Records Office) Police Force Utility companies regulated by one of the Regulators Banks or other financial organisations regulated by the FSA Medical practitioners with whom the registrant has a formal relationship (e.g. his/her GP) Practising solicitor or barrister with whom the registrant has a client relationship Practising magistrate or judge Company or organisation which has been accredited by a tscheme member or is itself a tscheme member Copyright Trustis Limited 2010. All Rights Reserved 7

Certificate Content Evidence Brand, Trademark or Trading Identity Information Certificates are not issued on the basis of trading Identity. Applicants must fulfil all identity verification requirements AND prove ownership of the information to be identified in the certificate. Liability for such content always lies with the applicant. Where such information is to be substantively asserted in a certificate, verification shall be required. Certified copies of current Trade Mark Registration or similar proof to ownership of the information Registration in a publically accessible authorised record relating to the information. Identity or Active in the Community Evidence, as specified in these requirements. Email Address Certificates are not issued on the basis of email address only. Applicants must fulfil all identity verification requirements AND prove ownership of the email address to be identified in the certificate. e.g. Law Society Approved Practitioner database or Trademark registration database. Must contain the information for inclusion in the certificate. Documentary evidence is not normally required. Back contact using the declared email address and or third party corroboration is undertaken as part of the enrolment process. Identity, or Active in the Community Documents as specified in these requirements that contain the email address Must contain the email address to be included in the certificate. Internet Domain Certificates are not issued on the basis of domain verification. Applicants must fulfil all identity verification requirements AND prove ownership of the domain to be identified in the certificate. Written evidence of control or ownership of domain. Documentary evidence is not normally required. The registration data for the domain is collected from approved and/or third party public sources (WHOIS) and corroborated against the information verified as part of the individual or organisation registration submitted in the application. Where third party or public evidence does not provide corroboration of ownership of a domain, or an organisation or individual controls a domain not registered with it, certified written evidence of ownership/control must be provided. This is verified and/or corroborated with the registered owner of the domain. Copyright Trustis Limited 2010. All Rights Reserved 8

Acceptable Evidence for Organisations in support of an application for a Digital Certificate This section defines the corroborating evidence that may be used to support an application for a digital certificate by organisations. Such corroboration is required to further support confidence in the authentication of the identity of the entity to be issued with a certificate, as well as to establish eligibility to hold such a certificate. Original documents or certified copies must be provided for verification, in addition to a photocopy of each document that may be retained by the authenticating body. At least one (1) piece of evidence must verify both the organisation s current name and address. The term organisation is used here to include: Registered Companies Other corporate bodies Partnerships Government Departments Other unincorporated bodies and associations Note that a formal documented existing relationship with the RA may be used in lieu of / with other evidence if the RA already has strong confidence in the identity of the registrant organisation. Underlying identification checks must have been previously performed and it is essential to ensure that information used is up-to-date. If such a formal documented existing relationship with the RA is not in existence, or if the necessary identification checks have not been previously performed to establish strong confidence in the identity of the registrant organisation, then documentary evidence must be supplied as indicated below. Where copies of documentary evidence are supplied: For Primary Registration Evidence - these may be certified by the Company Secretary or a Solicitor or Notary For Secondary Evidence - these may be certified by an identified director of the organisation In general, the following pieces of evidence are required (consistent with HMG's Minimum Requirements for the Remote Verification of the Identity of Organisations - Level 2): Explanatory Notes: Numbers indicate how many items of evidence are required in each category Type of Evidence Primary - Registration Evidence Secondary Evidence Third Party Corroboration Allowable Permutations 1 2 1 These may be verified by "back contact" with the appropriate Registrant organisation. Copyright Trustis Limited 2010. All Rights Reserved 9

Primary - Registration Evidence Official Organisation Registration For example (Limited Company Registration, Listed Charity Registration, Partnership Deed, Law Society Registration, NHS Organisation Registration, etc.) Original documents or certified copies (certified by the Company Secretary or a Solicitor or Notary) must be provided for verification, in addition to a photocopy of each document that may be retained by the authenticating body. Copyright Trustis Limited 2010. All Rights Reserved 10

Secondary Evidence (Dealings with Government/Membership/ Trade/Operational) VAT Registration Official Licences to operate, where applicable Bank Reference Contract or Customer/Supplier Reference Code Published Collateral Government Transactions Membership Trade/operational documents Published Company Accounts On Bank letter-headed stationery and dated not earlier than one (1) month before Must be used in conjunction with a contract or account that is currently active and where one of the contracting parties is the organisation to which the Registration Authority belongs. This should be used only if the RA already has strong confidence in the identity of the registrant organisation. Underlying identification checks based on the other criteria listed here must have been previously performed and it is essential to ensure that information used is up-to-date Currently available material produced for public consumption in the course of business activities and that confirms the business address Information supplied to government departments or other official bodies which are not publicly available (e.g. tax, VAT, PAYE returns etc). Transaction date must be no more than four (4) months before Evidence of current membership of a known trade association, affiliation to recognised professional body, or other body Material generated by the organisation in the course of its activities, but which are not public knowledge (invoices, internal documents etc). Must be dated no more than four (4) months before Published to cover most recent financial year Copyright Trustis Limited 2010. All Rights Reserved 11

Third Party Corroboration Government Departments and Agencies Local Authorities Banks or other organisations regulated by the FSA Credit reference agencies Established trustworthy company or other body (such as a utility, NHS Trust, etc.) (including Companies House) Corroboration must be current Corroboration must be current Corroboration must be current Corroboration must be current With whom the registrant body has a professional relationship Corroboration must be current Copyright Trustis Limited 2010. All Rights Reserved 12

Certificate Content Evidence Brand, Trademark or Trading Identity Information Certificates are not issued on the basis of trading Identity. Applicants must fulfil all identity verification requirements AND prove ownership of the information to be identified in the certificate. Liability for such content always lies with the applicant. Where such information is to be substantively asserted in a certificate, verification shall be required. Certified copies of current Trade Mark Registration or similar proof to ownership of the information Registration in a publically accessible authorised record relating to the information. Identity or Active in the Community Evidence, as specified in these requirements. Email Address Certificates are not issued on the basis of email address only. Applicants must fulfil all identity verification requirements AND prove ownership of the email address to be identified in the certificate. e.g. Law Society Approved Practitioner database or Trademark registration database. Must contain the information for inclusion in the certificate. Documentary evidence is not normally required. Back contact using the declared email address and or third party corroboration is undertaken as part of the enrolment process. Identity, or Active in the Community Documents as specified in these requirements that contain the email address Must contain the email address to be included in the certificate.. Internet Domain Certificates are not issued on the basis of domain verification. Applicants must fulfil all identity verification requirements AND prove ownership of the domain to be identified in the certificate. Written evidence of control or ownership of domain Documentary evidence is not normally required. The registration data for the domain is collected from approved and/or third party public sources (WHOIS) and corroborated against the information verified as part of the individual or organisation registration submitted in the application. Where third party or public evidence does not provide corroboration of ownership of a domain, or an organisation or individual controls a domain not registered with it. Certified written evidence of ownership/control must be provided. This is verified and/or corroborated with the registered owner of the domain. Copyright Trustis Limited 2010. All Rights Reserved 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback