Conformity Assessment Body (CAB)

Trust services training

By #eIdAS, Acreditación, Auditoría, Certificación de auditores EIDAS, Conformity Assessment Body (CAB), eIDAS, EIDAS Auditor certification, Electronic Trust Service Providers, Evaluación de conformidad, Servicios de Confianza DigitalNo Comments

New dates for training on trust services:

  • Level 1 (2 days): Training for advanced users of electronic trust services (25 and 26 October 2022). Fee price: €1,000 +VAT.
  • Level 2 (2 days): Training for Trusted e-Services providers’ staff (15 and 17 November 2022). Fee: 1.000 € +VAT
  • Level 3 (2 days): Training for EIDAS Trusted e-Services Auditor candidates (29 November and 1 December 2022). Fee: 2.500 € +VAT. It includes accompaniment as a trainee auditor in 4 EIDAS audits.

Online training, held from 16:00 to 20:00 (Central European Time, UTC + 1h).
On this occasion, a special price has been defined to thank the people who have contacted us, following the announcement we made a few months ago: EIDAS specialist training and auditor certification.

  • Level 1 (2 days). Promotion: 450 € +VAT
  • Level 1 + Level 2 (4 days). Promotion: 1.000 € + VAT
  • Level 1 + Level 2 + Level 3 (6 days). Promotion: 2.500 € + VAT

In addition to the training, it is possible to obtain the associated professional certification by passing a level exam:

  • Professional certification “Trusted e-Services Specialist”. Level 1. Examination fees 200 € +VAT
  • Professional certification “Trusted e-Services Company Professional”. Level 2. Examination fees: 400 € +VAT. You must have passed or be pending assessment of the level 1 exam.
  • Professional certification “Evaluator of digital trust services companies”. Level 3. Examination fee: 600 € +VAT. Level 2 exam must be passed or pending evaluation. 4 EIDAS audits must be carried out as “trainee auditor” to become a fully qualified auditor.

Registration Form: Formulario_formacion-EIDAS-TCAB-2022

Download the full brochure: Brochure_training-EIDAS-TCAB-2022

Spanish Official Gazette authorizes video identification to get Qualified Certificates

By #eIdAS, Conformity Assessment Body, Conformity Assessment Body (CAB), Video onboardingNo Comments

The Official Gazette of April 1, 2020 includes Royal Decree-Law 11/2020, of March 31, by which complementary urgent measures are taken in the social and economic field to deal with COVID-19.

Its eleventh additional provision includes “Provisional measures for the issuance of qualified electronic certificates”.

The text of this provision is as follows:

While the state of alarm last, as was decreed by Royal Decree 463/2020, of March 14, the issuance of qualified electronic certificates will be allowed in accordance with the provisions of article 24.1.d) of Regulation (EU) 910/2014, of July 23, regarding electronic identification and trust services for electronic transactions in the internal market. To this end, the supervisory body will accept those methods of identification by videoconference based on the procedures authorized by the Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offenses (SEPBLAC) or recognized for the issuance of qualified certificates by another Member State of the European Union. The equivalence in the security level will be certified by a conformity assessment body. The certificates thus issued will be revoked by the service provider at the end of the state of alarm, and their use will be limited exclusively to the relations between the holder and the public administrations.

TCAB, Trust Conformity Assessment Body has already carried out audits of this type for entities that provide video identification services. The first one was to Electronic Identification, S.L.

Contact us by calling +34 913 88 07 89 or by email at info at

Introduction to the concept of Conformity Assessment Body

By Conformity Assessment Body (CAB)2 Comments

A Conformity Assessment Body (CAB) is a company responsible for carrying out audits or conformity assessments for Trust Service Providers (TSPs).

Each Conformity Assessment Body must carry out audits in accordance with the regulations applicable in the sector. In the case of Trust Conformity Assessment Body (TCAB), we conduct our audits in accordance with the eIDAS Regulation and other relevant standards in the IT security sector such as ETSI, ENISA, CA/B Forum and Spanish local regulations such as SEPBLAC, among others.

The audit process is carried out in the following three phases:

  1. Planning and programming:

The audits are carried out with an Audit Plan, which will be carried out by the audit team each year. In this Plan, the audit data are established (date, duration, scope, points to be audited, audited area, contact persons) and checklists (date, time, points of the standards to be audited, audited area, contact persons) , auditors)

To prepare it, the reports of other audits already carried out will be collected. Once this is done, the Technical Committee will review and approve the audit plan.

  1. Execution:

To initiate the audit, an initial meeting will be held with the client to confirm the scope of the audit, the data collected in the Audit Plan, establish a sequence of the audit and analyze the points that both parties consider necessary. After this step, the audit will begin following the Audit Plan as a work guide. There are two steps at this point:

Documentary review: we will verify the conformity of the system (documents, records) through compliance with the points of the standards / laws of reference.

On-site inspection: verifications of compliance with the established controls will be carried out. A sampling inspection of the objective evidences will be carried out to prove the correct functioning of the technical and organizational processes related to the scope of the audit.

  1. Audit report:

Once the audit is completed, the audit team will write a results report, clearly and definitively identifying the detected non-conformities. In addition, there will be a final meeting in which the audit team will present the report to the client, so that he can review and sign it. In those cases where significant non-conformities are present, a new date will be scheduled for the next audit to verify the elimination of these non-conformities.

It is mandatory to send the CAR (Conformity Assessment Body) to the Supervisory Body, within 3 days after it is received, so that it may decide if it is granted the status of qualified and, consequently, if I can be included in it. the EU Confidence Lists.

In general, the CABs have a character of authority, since it is usually accredited by the National Certification Entities (in the case of Spain, ENAC) in order to be able to provide their services.

Click here to access the list of Conformity Assessment Bodies accredited against the requirements of eIDAS Regulation.