
Does the customer need certifications for the operation of the signature application?

No. For the operation of the signature application alone, no certification and no audit are required. Within the scope of a “configuration and acceptance declaration”, the customer makes a self-declaration to operate the signature application properly, i.e., not to substitute the hash of a document and to display the document to be signed to the customer (WYSIWYS = “What you see is what you sign”). Data traffic between the signature application and Swisscom should be encrypted, and essential protection against viruses and attacks should be guaranteed as with any other system. An official audit with certification can only be necessary if the system has its own identification, especially its own authentication method. In Switzerland, identification with Swisscom authentication methods can be simplified using a suitable “implementation concept” submitted by the customer and approved by Swisscom; in the EU, an official audit is generally necessary. As a rule, an authentication method must always be certified, as this should ensure sole control of the signing certificate (called “sole control” in the ETSI context).