Security & Compliance Centre

Signicat provides Qualified Trust Services in different geographical areas, issuing both qualified time-stamps as well as qualified certificates for electronic signatures and electronic seals.

• Qualified time-stamps, offered by Signicat AS, Norway. EU Trusted Service list
• Qualified certificates for electronic signatures, offered by Signicat Spain. EU Trusted Service list.
• Qualified validation service for electronic signatures and electronic seals, offered by Dokobit UAB, a Signicat company. EU Trusted Service list.

Signicat's operations, systems, development and processes comply with ISO/IEC 27001 — the internationally recognised standard for leading information security management practices. ISO/IEC 27001 helps us protect information as follows:

• Confidentiality ensures that information is only available to authorised parties
• Integrity ensures that the information handling methods are accurate and complete
• Accessibility ensures that authorised users have access to information and associated assets when needed

This international standard is designed to set requirements for the establishment, implementation, maintenance and continuous improvement of an information security management system.

Signicat Spain is ISO/IEC 27001 certified.

ISO/IEC 25000 also known as SQuaRE (System and Software Quality Requirements and Evaluation), is a series of standards aiming at creating a common framework for the evaluation of software product quality. Our Certificate of Functional Adequacy measures the ability of the software product (VideoID) to provide functions that satisfy both stated and implied needs, provided that the product is used under the specified conditions.

Signicat delivers a SOC 2 (type 1 for 2018) (type 2 for 2019) attestation report to its customer. The SOC 2 report addresses a service organisation’s controls that relate to operations and compliance, as outlined by the AICPA’s Trust Services criteria in relation to availability, security, processing integrity, confidentiality and privacy.

Signicat is a certified OpenID Connect provider and has achieved OpenID Certification from the OpenID Foundation. OpenID Certification demonstrates that our implementation of OpenID Connect, a standard for user authentication and authorisation, meets the highest levels of security, interoperability, and usability.

Signicat SLU's VideoID product is available in the ICT security products and services catalog of the Spanish National Cryptologic Center, within the category "Video Identification Tools", thus ensuring compliance with the ETD/465/2021 standard of May 6 and ETD/743/2022 of July 26, which regulates remote video identification methods for the issuance of qualified electronic certificates.

The systems that supports the information of the services provided by Signicat SLU have been audited and found to comply with the requirements of RD 311/2022 on May 3rd, which regulates the National Security Scheme in the field of electronic administration.

Therefore, Signicat SLU is certified in the National Security Framework at High level and reinforces the commitment to national regulatory compliance.

Signicat is an certified broker of MitID. Companies must go through a broker in order to offer log-in and signing with MitID to their users. The broker concept has been introduced, among other things, to increase the security of MitID and to make the integration easier for companies. In order to be certified, a broker must meet requirements for security, business conduct, reporting, data processing, support and guarantees.

Signicat is an approved identity broker for Finnish businesses, providing access to the Finnish Trust Network, by The Finnish Transport and Communications Agency (Traficom). Signicat offers strong electronic identification services for the public. The principles for strong identification have been established in Finnish legislation: Laki vahvasta sähköisestä tunnistamisesta ja sähköisistä luottamuspalveluista 533/2016, section 2.2§.

The Dutch Ministry of Economic Affairs has certified Signicat as an official eHerkenning broker. Partners and customers also recognise the power of our software, which means that our systems handle the majority of all login transactions.

Signicat is a yearly audited and certified broker for the highly regulated DigiD authentication method from the Dutch Ministry of Internal Affairs.

As an identification service provider, Signicat has been authorized to read ID card data on behalf of customers since March 9, 2020 in accordance with certification according to §21b PAuswG. A prerequisite for secure and convenient registration with banks, insurance companies, mobile communications, and healthcare, but also in retail, especially in online shops.

Signciat is an approved Digital Identity Service Provider (DISP) for iDIN, and offers merchants the possibility of integrating iDIN for different use cases and different options for technical integration to make it easier for merchants to use iDIN in their own technology stack.

Signicat organises its security work by implementing a Information Security Management System (ISMS) following and certified in line with the ISO/IEC 27001:2013 standard. We have a dedicated Security and Quality organisation lead by Signicat's CISO. The CISO leads and are part of Signicat's Information Security Board (ISB) which includes top-level management from different departments in Signicat. To ensure that the ISMS is performing and implemented in line with best practice we conduct an extensive audit program.

All Signicat services are delivered as Software as a Service (SaaS) – this means that meeting the toughest security and compliance requirements of clients in regulated industries benefits all Signicat customers. Making our services secure is a primary concern for us, and it forces us to focus on security in the development and operations of our services. Signicat is continuously improving the management system and control implementation.