Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002)Accreditation RegulationsChapter II : Application for accreditation10. Granting of accreditation |
(1) | If the South African Accreditation Authority is satisfied that an applicant complies with the requirements of the Act and these regulations, the South African Accreditation Authority must— |
(a) | communicate its decision to the applicant in writing; |
(b) | advise the applicant of any restrictions or conditions attached to the granting of the accreditation; |
(c) | advise the applicant of the effective date of the granting of the accreditation; and |
(d) | issue a certificate of accreditation for each authentication product or service accredited, stating any conditions or restrictions subject to which it was accredited. |
(2) | An authentication service provider must submit an audit report upon application for accreditation and annually thereafter. |
(3) | An authentication service provider whose authentication products or services resulting in and used to support an electronic signature a re-accredited may outsource or appoint agents or contractors to carry out some or all of the operations relevant to its authentication products or services: Provided that— |
(a) | it has notified the South African Accreditation Authority in writing; |
(b) | the agent or contractor, as the case may be, has been audited for purposes of that specific authentication product or service, the costs of the audit to be borne in full by the authentication service provider or its agent or contractor, and an audit report has been submitted to the South African Accreditation Authority and found to be acceptable; |
(c) | the South African Accreditation Authority approves the outsourcing or appointment of those agents or contractors in writing; |
(d) | those agents or contractors comply with the Act and these regulations as applicable to the authentication service provider whose authentication products or services have been accredited; and |
(e) | the authentication service provider is responsible for the activities of agents or contractors in the performance by them of the functions of the authentication service provider. |