Certifications and Compliance
To meet the very latest security and data protection requirements, all of our services are subject to strict rules and regularly checked by independent specialists.
Signicat is ISO/IEC27001 certified.
# EN ISO 27001:2013
This international standard is designed to set requirements for the establishment, implementation, maintenance and continuous improvement of an information security management system.
An ISO / IEC 27001 certificate shows that the information security management system has been measured against a standard of best practice in the branch and found to be in compliance. Certification of an independent certification body shows that the necessary measures have been taken to protect sensitive information from unauthorized access and changes.
# Protect your values
The standard has a holistic approach to information security. Values that need protection can include everything from digital information, paper documentation and physical assets (computers and networks) to the knowledge of individual employees. Conditions you must consider include, among other things, the staff's skills development and technical protection against hacking.
ISO / IEC 27001 helps us protect information as follows:
- Confidentiality ensures that information is only available to authorized parties
- Integrity ensures that the information handling methods are accurate and complete
- Accessibility ensures that authorized users have access to information and associated assets when needed
Signicat is ISO/IEC 27001 certified, certificates are available here.
Signicat is a Qualified Trust Service Provider (QTSP)
# eIDAS (Electronic Identification and Trust Services)
Signicat is a Qualified Trust Service Provider issuing qualified time-stamps, certificate is available here.
The Signicat Time-Stamp policy and Practice statement is listed at the end of this page.
By being a Qualified Trust Service Provider, Signicat is listed on the EU trust list.
# OpenID Certified
Signicat is a certified OpenID Connect provider and has achieved OpenID Certification from the OpenID Foundation. OpenID Certification demonstrates that our implementation of OpenID Connect, a standard for user authentication and authorisation, meets the highest levels of security, interoperability, and usability.
Signicat is eHerkenning certified.
# eHerkenning certified
eHerkenning certifiedThe Ministry of Economic Affairs has certified us as an official eHerkenning broker. Other suppliers also recognise the power of our software, which means that our systems handle the majority of all login transactions.
Signicat is AICPA SOC2 certified.
# AICPA SOC 2 (American Institute of Certified Public Accountants; Service Organization Control)
Signicat delivers a SOC 2 (type 1 for 2018) (type 2 for 2019) attestation report to its customer. The SOC 2 report addresses a service organization’s controls that relate to operations and compliance, as outlined by the AICPA’s Trust Services criteria in relation to availability, security, processing integrity, confidentiality and privacy. This report is intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.
#
#
# nPA (neuer Personalausweis)
As an identification service provider, Signicat has been authorized to read ID card data on behalf of customers since March 9, 2020 in accordance with the certification under Section 21b PAuswG. A prerequisite for secure and convenient registration with banks, insurance companies, mobile communications, healthcare... but also in retail, especially in online shops.
The certificate of the Federal Office of Administration is available here (PDF).
# FTN (Finnish Trust Network)
Signicat is an approved identity broker for Finnish businesses, providing access to the Finnish Trust Network, by The Finnish Transport and Communications Agency (Traficom).
Signicat offers strong electronic identification services for the public. The principles for strong identification have been established in Finnish legislation: Laki vahvasta sähköisestä tunnistamisesta ja sähköisistä luottamuspalveluista 533/2016, section 2.2§: http://www.finlex.fi/fi/laki/ajantasa/2009/20090617.
# IDIN
Signicat is an approved broker of IDIN in Netherlands.
# GDPR as Data Processor on instruction by Data Controller (Signicat's Customer)
An audit report is provided to Signicat's customers of compliance to Signicat's Data Processor Agreement (DPA).
# Qualified Trust Service Provider Document Repository
# eIDAS QTSP Terms and Conditions
# eIDAS QTSP Policy and Practice Statement
# How does the EU's Court of Justice Ruling "Schrems II" affect Signicat? (2021, April)
# What is Schrems II?
Schrems II is a decision from the Court of Justice of the European Union, and relates to data transfers outside of the European Economic Area (EEA) and whether or not that data is handled according to privacy standards set in the EEA. Importantly, Schrems II rules that the EU-US Privacy Shield is invalid and an insufficient basis for data transfers.
#
Where is customer data processed?
The personal data Signicat processes on behalf of the customer is processed by a variety of hosting platforms in the EEA only. We have agreed with our hosting providers that the data will not be processed outside of the EEA.
# How is Signicat working to comply with Schrems II?
The situation is still under development, and precedence are continuing to be set by different European courts. Signicat continuously monitors compliance status of our hosting providers, consulting directly with the hosting providers, while also consulting with guidelines from the European Data Protection Board (EDPB) and the Norwegian Data Protection Authority. We are also observing the precedence set by different European courts in this matter.
# Sustainability policy
Signicat is committed to conduct business in a sustainable way as an employer, vendor, business partner and community member. At Signicat, sustainability is the way we manage and operate our business to best serve our employees, customers, care for the environment, drive long-term prosperity and build a trusted digital world.