Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002)

Accreditation Regulations

Chapter III: Requirements for certification service providers

17. Responsibilities of certification service providers

A certification service provider whose authentication products or services resulting in and used to support an electronic signature are accredited must—

(a) disclose in a publicly accessible database—
(i) its certificate that contains the public key corresponding to the private key used by that certification service provider to digitally sign another certificate (referred to in this regulation as a certification service provider certificate);
(ii) its certification practice statement and certificate policy;
(iii) notice of the revocation or suspension of its certification service provider certificate;
(iv) any other fact that materially and adversely affects the reliability of a certificate issued by the certification service provider or the certification service provider's ability to perform its services; and
(v) all its accredited authentication products or services;
(b) use a trustworthy system to perform its services and functions, including the generation and management of its keys, the generation and management of subscribers' keys, the issuing, renewal, suspension or revocation of accredited certificates, the maintenance of its repository and the publication of accredited certificates;
(c) in the event of an occurrence that materially and adversely affects a certification service provider's trustworthy system as contemplated in section 38(2)(a), (b), (c) and (d) of the Act or its certification service provider certificate, use all reasonable efforts to notify any person who is or might be or will foreseeably be affected by that occurrence, or act in accordance with procedures governing such an occurrence specified in its certification practice statement and certificate policy;
(d) develop, establish, maintain and update documented policies, procedures and practices in relation to its entire operational environment;
(e) report to the South African Accreditation Authority any incident that may materially affect its trustworthy system in general;
(f) ensure that all its personnel are fit and proper persons and possess the necessary knowledge, technical qualifications and expertise to carry out their duties effectively; and
(g) comply with the Act, these regulations and any guidelines or directives issued by the South African Accreditation Authority.