TCAB carries out an audit to establish compliance with the Customer’s Trust Electronic Services Management System, according to EU Regulation 910/2014 (eIDAS), based on the standards of application.

Standards of application (policies and procedures):

  • ETSI EN 319 401
  • ETSI EN 319 411-1
  • ETSI EN 319 411-2
  • ETSI EN 319 421
  • ETSI EN 319 521
  • ETSI TS 119 441
  • ETSI TS 119 511

The audit would be performed in several stages:

Audit methodology
Estimate request, specifying the scope of the audit.
Planning of the audit, assigning a lead auditor and an audit team.
Assessment performed in two stages: documentary review and on-site audit.
Conformity assessment report. In case of detected nonconformities, the auditee needs to present plan of corrective actions addressing the nonconformities.
Once the assessment is finalized, and if no nonconformities are left unaddressed, a certification decision is reached. When positive, a certificate for the assessed services is issued.
When the service is certified, several actions of surveillance are performed, and the TSP must notify any relevant changes to the service.


The audits are performed with an Audit Plan, that will be made by the audit team for every assessment project. In this Plan, the audit data are settled (date, lasting, scope, points to be audited, audited area, contact persons…) and checklists (date, time, points  of the standards to be audited, audited area, contact persons, auditors). In order to prepare it, reports form other audits already performed will be collected.
Once it is made, the audit plan will be revised and approved by the Technical Committee.


To start the audit, an initial meeting with the client will be held to confirm the scope of the audit, the data collected in the Audit Plan, stablish a sequence of the audit and discuss those points that both parts believe necessary. After this step, the audit will start following the Audit Plan as a work guide. There are two steps at this point:

  • 1. Document Review: We will check the system conformity (documents, registers…) through the accomplishment of the points of the reference standards/laws. The resolution of possible non conformities of  previous audits will be verified.
  • 2. On-site Inspection: Proofs of accomplishment of the established controls will be performed. A sampling inspection of the objective evidences will be held in order to test the correct operation of technical and organizational processes related to the scope of the audit. The resolution of possible non conformities of the document
    review will be verified.

If the audit would be performed as a consequence of the presence of non conformities, our team will deepen in the causes and effects and will define a corrective/preventive action.
Once the audit is finished, the audit team will write a report of results, identifying in a clear and defined way the detected non conformities.

Next to this, there will be a final meeting where the audit team will show the report to the client, so that he/she can review and sign it. In those cases where there is no presence of significant non conformities, a new date for the next audit  will be programmed to check the removal of those non conformities.
It is mandatory to submit the CAR (Conformity Assessement Body) to the Supervisory Body within 3 days after receiving it.


The audit team shall submit the audit report to our Technical Commitee for review, and either a Certificate will be issued (if applicable) or an extraordinary audit will take place.
ARCHIVING PERIOD: The audit reports and documentation about Non Conformities will be stored by TCAB.