TCAB (Trust Conformity Assessment Body) is preparing a training event to be held in April 2021, aimed at training specialists in the world of electronic signatures and trust services.
The training will be online and in the afternoons (from 16:00 to 20:00 Spanish time, from 15:00 to 19:00 UTC), to encourage the participation of Latin American students.
It is structured in three levels:
- Advanced users of digital trust services (2 days: 12 and 14 April)
- Trusted digital service provider (2 days: 19 and 21 April)
- Digital Trusted Services Auditor (2 days: 26 and 28 April)
After the complete training, it is possible to opt for an examination that will give access to the professional certification of EIDAS Auditor and subsequently to carry out audits as a junior auditor, in the framework of the conformity assessments developed by TCAB.
There are additional prerequisites to become an auditor such as a security certification, such as CISA, CISM or ISO 27001 auditor.
- Level 1 (2 day): 399 € +VAT
- Level 1 + Level 2 (4 days): 997 € + VAT
- Level 1 + Level 2 + Level 3 (6 days): 1.495 € + VAT
The examination fees for professional certification are as follows:
- Level 1 professional certification “Digital Trust Services Specialist”: 150 € +VAT.
- Level 2 professional certification “Digital Trust Services Business Professional”: 250 € +VAT. You must have passed or be pending assessment of the level 1 exam.
- Level 3 professional certification “Digital Trust Services Assessor”: 250 € +VAT. You must have passed or be pending assessment of the level 2 exam.
Los derechos de examen para certificación profesional tienen el siguiente coste:
- Certificación profesional de nivel 1 “Especialista en servicios de confianza digital“: 150 € +IVA
- Certificación profesional de nivel 2 “Profesional de Empresas de servicios de confianza digital”: 250 € +IVA. Se tiene que haber superado o estar pendiente de evaluación el examen de nivel 1
- Certificación profesional de nivel 3 “Evaluador de Empresas de servicios de confianza digital: 250 € +IVA. Se tiene que haber superado o estar pendiente de evaluación el examen de nivel 2
The tentative agenda is as follows:
Level 1. Training for developers, service companies and public sector employees.
It provides an introduction to electronic identification and signature systems.
The following topics are covered:
- Concepts of electronic identification
- Brief history of cryptography
- Hash Algorithms
- Symmetric key cryptography and asymmetric key cryptography
- Elements of Public Key Infrastructures. RA, OCSP, CA, Root, Final Entity, CRL, Timestamping, digital custody. Trusted lists
- Structure of the certificates. Standards X.509, X.520
- SSL TSL. OCSP Stapling
- Authentication through certificates
- Electronic signature. Types of electronic signatures
- Qualified certificates
- Qualified Signature Creation Devices
- Device drivers. MS-CAPI and PKCS#11 standards
- Electronic signature regulations. EIDAS Regulations
- Electronic signature in public administrations and in the field of justice. Considerations on Law 39/2015 and Law 18/2011.
- Special advanced signatures. Biometric signatures
- Server configuration for SSL. How to request certificates
Level 2. Training for Trusted Service Provider professionals
It describes the systems used by LDCPs, the documents to be produced and the security measures in the field of Digital Trust Service Providers and how to prepare for an EIDAS audit
The following topics are covered:
- Regulations related to identity management. Regulation 1501/2015 and Regulation 1502/2015
- General regulations for providers: EN 319 401:
- Risk assessment,
- Policies and Practices: Trusted Service Practice Statement, Terms and Conditions, Information Security Policy
- Management and operation of Trusted Electronic Service Providers: Internal organisation (Reliability of the organisation, Segregation of duties), Human resources, Asset management (General requirements, Media management), Access control, Cryptographic controls, Physical and environmental security, Security of operations, Network security, Incident management, Collection of evidential information, Business continuity management, Termination of activities of Trusted Electronic Service Providers and termination plans, Legal compliance.
- OID. How to apply for OID. How to design an organized structure of OID to facilitate the management of signature policies
- Certificate profiles. Policy identification. Required OIDs according to CAB Forum, required OIDs according to ETSIT standards. EN 319 412 standards. PSD2 certificates
- Necessary documentation to be checked when issuing certificates of natural persons, certificates of natural persons representing legal persons, certificates of natural persons employed by public authorities, certificates of legal persons.
- Tools for parsing and checking the quality of certificates
- Certificate transparency. Repositories and integration
- Regulations concerning the issue of certificates: EN 319 411-1. Detailed overview of the content of a Trusted Services Statement of Practice
- Regulations concerning the issue of qualified certificates within the framework of EIDAS: EN 319 411-2. Detailed tour of the contents of a Statement of Practice for Trusted Services. EIDAS certificates: QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QCP-w.
- Regulations concerning the issue of qualified time stamps within the framework of EIDAS: EN 319 421 and EN 319 422
- Regulations concerning the provision of qualified services of electronic notifications and certified electronic mail (Qualified Service of Certified Electronic Delivery) in the framework of EIDAS: EN 319 521 and EN 319 531
- Qualified service for the validation of qualified electronic signatures and qualified electronic seals within the framework of EIDAS: TS 119 101 and EN 319 102-1
- Qualified electronic signature and qualified electronic seal storage service within the framework of EIDAS: TS 102 573 and EN 319 102-1
- Civil liability insurance. Contractual and non-contractual liability.
- Qualified signature creation devices. Application standards for the evaluation of devices: FIPS-140-2, CWA 14167-1, CWA 14167-2, CWA 14169, CWA 14170, EN 419 241-1, EN 419 241-2, EN 419 221-5.
- Lists of signature creation devices: NIST, Common Criteria Portal, Article 31 List (Compilation of Member States notification on SSCDs and QSCDs). Special procedures of Art. 30-2-b. Validity of devices prior to EIDAS by art. 51.1
- Aspects to be taken into account for the issuance of website certificates and signing of executable code in CAB Forum contexts: Baseline Requirements, Extended Validation (EV) Guidelines.
- Criteria for verification of identity in RA activities according to article 24-1-b and 24-1-d Video identification criteria published by SEPBLAC in the framework of Law 10/2010.
- TSL lists (Trusted Lists). Standard TS 119 612. Information reflected in the lists. Checking the validity of qualified certificates issued in the valid phase of providers whose qualification has been withdrawn.
- Rules for the use of the European Qualification Mark EIDAS
Level 3. Training for Trusted Services Auditors and Conformity Assessors
It describes the conformity assessment framework, the accreditation bodies, the requirements for conformity assessment bodies and the requirements for auditors.
Students who have attended all 3 levels of training will be able to take a professional certification exam that will qualify them as EIDAS auditors in the Trust Conformity Assessment Body Scheme. Students who pass the exam will gain a level of professional qualification to participate as junior auditors in conformity assessment audits and will be eligible to accompany senior auditors in TCAB audits. After participating in 3 audits they will be qualified as a senior auditor.
In the training the third level teachers will use English and Spanish as vehicle languages throughout the classes.
The following topics are covered:
- Evolution of the conformity assessment framework for trusted services. Order of 21 February 2000 approving the Regulation on the accreditation of certification service providers and the certification of certain electronic signature products.
- EIDAS supervision model. List of Member States’ supervisors.
- EIDAS accreditation model. List of Member States’ accreditation bodies.
- EIDAS evaluation model. List of evaluation bodies in the Member States.
- Requirements for BACs to achieve accreditation. EN 319 403, ISO 17065, Criteria and specific accreditation process for the certification of trusted electronic services regulated by Regulation (EU) No 910/2014 (eIDAS) (ENAC RDE-16 Standard)
- Recommendations for planning an audit: Documentary review phase, face-to-face phase, identification of evidence, information guidelines to be reflected in the Conformity Assessment Report (CAR).
- Evaluation procedure. Review of the report, approval of the certification.
- Monitoring of the entities evaluated. Extension of the scope of the evaluation.
- General requirements for auditors and prior conditions for accreditation. Ethical principles for auditors. Independence and impartiality criteria.
- Stakeholders and interaction guidelines.
- Typical course of an audit project.
- Recommendation for action and approach during audits.
- Requirements and outline of evaluation reports.
- CAR model for auditors
- Conditions for the Issuance of the Certificate. Phases of the certification process.
- Rules for the use of the European Qualification Mark EIDAS, and other marks associated with the evaluation, ENAC, CAB,…
- General structure of certification approval. TCAB organization for the approval of certifications. Committee of interested parties.
For more information call TCAB at +34 91 3880789 or fill the form