
Requirements to operate an Affiliate Registration Organisation
a) Physical Infrastructure
- On-site Software archives
- On-site and Off-site secure archives for physical documents.
- Area with restricted access (room with reasonably secure locking mechanism accessible only by persons authorised to work in the ARO service)
- Secure compartment or safe (with a reasonably secure locking mechanism accessible only by the person(s) who are authorised to operate the system) in which to store the operator smart card while the ARO system is not in use
b) Technological Services
c) Staff
- At least 2 staff appropriately trained with the ability to perform checks and to process End User applications (previous experience in establishing company registers or working in building up trade registers is a bonus).
- Staff should not have any criminal convictions (recent police records are required as proof of this).
d) Documents
The following documents need to be presented during the Request Phase described in section IV:
- Copy of its statutes or by-laws duly registered in the Registry of Commerce together with the physical address of the Affiliate Registration Organisation and the name of the officer of the organisation responsible for its operation. For entities which are not registered in the trade registry, other documents are also acceptable (e.g. official documents of public entities, notaries, etc.).
- The names together with an extract from the Police Records for every person whose work will be related to the ARO operation (including the sensitive functions such as identity verification).
- A signed declaration from the organisation certifying the existence in the organisation's offices of premises where access is restricted only to authorised personnel and a description of such premises and the access control mechanisms available (e.g. lock and key, smart card access, or biometrics, etc.).
- A description of the market for digital certificates that the applicant could foreseeably penetrate.
- Signing of a Bilateral Non-Disclosure Agreement.
- A description of the Internet access service used by the applicant.
e) Operational Requirements
- First level Support for End-Users – the Applicant needs to ensure that it is able to provide first level support for its End-Users. This first level support should include answering general PKI questions, as well as solving hardware and software problems related to the usage of certificates.
- Suspension and Revocation Service - the Applicant needs to be able to provide a suspension and revocation service according to the Ecommerce PKI CPS. The Applicant should be able to execute a revocation or suspension request triggered by an End-User via phone, fax or email within 12 hours or contact the WISeKey Suspension and Revocation Service within 2 hours.
- Sale of Accessories – the Applicant should be prepared to offer basic equipment, such as card readers, USB extensions, etc., to End-Users.