Document from CIS Legislation database © 2003-2021 SojuzPravoInform LLC

Registered by the

Ministry of Justice

Republic of Moldova

On July 15, 2016 No. 1124

ORDER OF SERVICE OF INFORMATION AND SAFETY OF THE REPUBLIC OF MOLDOVA

of July 15, 2016 No. 70

About approval of some regulations in the sphere of the organization of activities of suppliers of certified services in scope of the digital signature

Based on Art. 26 of the h. (7) and 36 h. (1) the Law No. 91 of 29.05.2014 on the digital signature and the electronic document (The official monitor of the Republic of Moldova, 2014, 397) I ORDER to Art. No. 174-177,:

1. Approve:

1) Regulations on the procedure of accreditation of suppliers of certified services in scope of the digital signature (according to appendix No. 1);

2) Special conditions of activities of suppliers of certified services in scope of the digital signature (according to appendix No. 2);

3) Regulations on the state control in scope of the digital signature (according to appendix No. 3);

4) Regulations of the supplier of certified services in scope of the strengthened qualified digital signature (according to appendix No. 4).

2. Recognize invalid:

1) the Order of the director of Service of information and safety of the Republic of Moldova No. 13 of 3.04.2006 "About approval of some regulations in the sphere of the organization of activities of the centers of certification of open keys", is registered in the Ministry of Justice in the Register of state registration of normative departmental acts No. 425 of June 21, 2006 (The official monitor of the Republic of Moldova, 2006, No. 102-105, the Art. 367);

2) the Order of the director of Service of information and safety of the Republic of Moldova No. 118 of 8.12.2015 "About approval of sample of the certificate on accreditation in the field of the digital signature" (The official monitor of the Republic of Moldova, 2015, No. 340-346, the Art. 2531).

3. This order becomes effective from the date of publication in the Official monitor of the Republic of Moldova.

Deputy director of Service of information and safety

To Alexander Baltaga

Appendix №1

to the Order of the director of Service of information and safety of the Republic of Moldova of July 15, 2016 No. 70

Regulations on the procedure of accreditation of suppliers of certified services in scope of the digital signature

I. General provisions

1. This Provision is developed according to the Law No. 91 of May 29, 2014 on the digital signature and the electronic document and establishes the procedure of accreditation of suppliers of certified services in scope of the digital signature (further - suppliers) the body authorized by the law to enable development and the realization of state policy, and also to exercise control in scope of the digital signature - Service of information and safety of the Republic of Moldova (further - authorized body).

2. Suppliers of certified services in scope of the strengthened qualified digital signature are subject to obligatory accreditation.

3. Suppliers of certified services in scope of the simple digital signature and the strengthened unqualified digital signature have the right to undergo the procedure of accreditation at discretion.

II. Submission of the statement for accreditation

4. For accreditation the supplier submits the following documents:

1) the statement for accreditation according to the sample provided in appendix No. 1 to this Provision in which are specified:

a) full name of the legal entity, location and form of business;

b) position, surname and name of the head of the legal entity, document number proving the identity, identification number of physical person (IDNP);

c) other contact information (phone number, fax, postal address, e-mail);

2) copies of formation documents of the legal entity.

5. The supplier of certified services represents to scopes of the strengthened qualified digital signature in addition to the documents specified in item 4 of this Provision, the following documents:

1) the bank guarantee or the insurance policy (only for the suppliers providing services to the third parties);

2) the Regulations on activities of the supplier approved by the head of the legal entity;

3) the copy of the order of the head of the legal entity on appointment of workers of the supplier and persons, representatives to sign certificates of open keys, and also copies of identity documents of these persons;

4) copies of the documents confirming education and qualification of responsible officials which functional obligations are directly connected with provision of services on certification;

5) plan scheme of rooms and procedure for access to rooms of the special mode;

6) procedure for storage of backup copies of the register of certificates of open keys;

7) procedure for synchronization with the World coordinate time (UTC);

8) the copy of the license for the right of implementation of activities in the sphere of cryptographic information security (only for the suppliers providing services to the third parties).

6. The supplier providing services in certification of open keys to the third parties shall have the financial resources necessary for indemnification which can be caused to owners of certificates of open keys, users or the third parties owing to failure to carry out or inadequate accomplishment by the supplier of the obligations.

7. For the purpose of, specified in Item 6 of this Provision, the Supplier in scope of the strengthened qualified digital signature provides the bank guarantee or the insurance policy for benefit of authorized body on the amount of 300 000 lei.

8. The statement for accreditation and the documents attached to it, constituted in state language move in office of authorized body the head of the legal entity or other authorized person. Documents are submitted in the original or in copies with presentation of originals for reconciliation.

9. The statement for accreditation and the documents attached to it are accepted according to the inventory which copy goes it (is handed) to the applicant with mark about date of documents acceptance, the witnessed signature of the responsible person.

III. Consideration of the application about accreditation of the supplier

10. Based on the documents specified in items 4 and the 5th this provision, the authorized body till 15 working days checks observance by the supplier of certified services of requirements in the field of the digital signature.

11. In the course of complex check the authorized body has the right to verify authenticity of the documents enclosed to the application for accreditation, to estimate information concerning procedures of safety and certification, to check technical and program complexes of the applicant.

12. Interests of the legal entity who submitted the application for accreditation are represented by the head of the legal entity or other persons, representatives in accordance with the established procedure.

13. Based on results of verification of the statement for accreditation and complex check, the authorized body constitutes the conclusion.

IV. Decision making about accreditation of the supplier

14. By results of complex check regarding observance of requirements in the field of the digital signature and based on the constituted conclusion the head of authorized body makes the decision on accreditation or on refusal in accreditation of the supplier.

15. In case of decision making about accreditation, to the supplier within 5 working days the certificate on accreditation according to the sample provided in appendix No. 2 to this Provision is granted.

16. The decision on refusal shall contain convincing reasons and exclusive references in accreditation on legislative and regulations which were violated. The decision is brought to the attention of the applicant within 5 working days.

17. The refusal cannot serve as obstacle for repeated submission of documents on accreditation in accreditation if the causes which formed the basis for refusal were removed.

18. The decision on refusal in accreditation can be appealed in administrative court.

19. The supplier is considered accredited from the date of issue of the certificate on accreditation.

20. In case of modification of the documents specified in items 4 and the 5th this provision, the supplier within 10 working days submits the relevant documents to authorized body.

V. Consideration of the application about issue of the duplicate of the certificate on accreditation

21. In case of loss of the certificate on accreditation within 5 working days from the moment of submission of the corresponding statement the duplicate of the certificate is issued to the supplier.

22. The authorized body issues the duplicate of the certificate on accreditation in case of submission of the following documents:

a) the application for issue of the duplicate of the certificate on accreditation signed by the head of the legal entity;

b) the copy of the announcement of loss of the original certificate about accreditation published in the Official monitor of the Republic of Moldova.

23. By results of consideration of the application about issue of the duplicate of the certificate on accreditation the conclusion based on which the head of authorized body makes the decision on issue or on refusal in issue of the duplicate is constituted.

24. The motivated decision on refusal in issue of the duplicate of the certificate is brought to the attention of the applicant in writing within 5 working days.

25. In case of creation of the duplicate of the certificate on accreditation on it the mark "Duplicate" becomes.

26. The copy of the issued duplicate and all materials which formed the basis for its issue are attached to the file on accreditation.

VI. Storage of registration documents on accreditation of suppliers

27. The materials relating to accreditation of suppliers are stored in separate files on accreditations in which the documents specified in items 4 and the 5th this provision accompanied by the certificate on accreditation are introduced.

28. All subsequent correspondence with the corresponding supplier, and also documents about performed also is introduced in the file on accreditation.

29. Files on accreditation are stored in archive of authorized body during term, stipulated by the legislation.

30. The authorized body issues, according to the request of authorized persons and within, stipulated by the legislation, data and copies of documents from the file on accreditation.

VII. Register of the centers of certification of open keys

31. Based on the decision on accreditation the supplier gets number of accreditation which is introduced in the Register of suppliers of certified services in scope of the digital signature (further - the Register).

32. Number of accreditation consists of 7 figures of aabbccc from which:

1) aa - level in hierarchy of the supplier of certified services;

2) bb - year of registration;

3) ccc - sequence number.

33. Holder of the Register is the authorized body, the registrar – the supplier of certified services of the highest level.

34. In the Register the following data are entered and updated:

1) full name of the legal entity, identification number of legal unit (IDNO), fiscal code;

2) surname, name and phone of the head of the legal entity;

3) name, number of accreditation and date of accreditation of the supplier;

4) location, phone, fax of the supplier;

5) surname, name, phone, e-mail postal address of the head and authorized persons of the supplier;

6) data on modification and amendments in the documents specified in items 4 and the 5th this provision;

7) date and reasons of the termination of activities of the subordinate supplier;

8) other specifications.

35. The register is kept according to the requirements provided by the Law No. 71 of 22.03.2007 on registers.

36. Suppliers shall inform within 10 days authorized body on changes and amendments of the data containing in the Register.

37. Information on accredited suppliers, and also on those whose activities are stopped is published by authorized body on the official web page.

 

Appendix №1

to Regulations on the procedure of accreditation of suppliers of certified services in scope of the digital signature

Sample to Service of information and safety of the Republic of Moldova

Statement

According to item 4 of the Regulations on the procedure of accreditation of suppliers of certified services in scope of the digital signature,

__________________________________________________________________

__________________________________________________________________

              (full name of the legal entity, IDNO)

on behalf of ____________________________________________________________

__________________________________________________________________

__________________________________________________________________

(position, surname, name of the head of the legal entity, number of the certifying document, IDNP)

I ask to accredit as the supplier of certified services in scope _____________________________________ the digital signature

                                                                                                                 (idle time / the unqualified / strengthened qualified strengthened)

with the following data:

Name of the supplier: _____________________________________

__________________________________________________________________

Level in hierarchical structure of suppliers: _________________

__________________________________________________________________

Location: ___________________________________________

__________________________________________________________________

Contact information of the legal entity:

___________________________________________________________ phone

______________________________________________________________ fax

postal address ____________________________________________________

e-mail _____________________________________________________________

"____" _______________ 20 ___ _____________________

                                                           (signature)

Appendix №2

Рисунок к Приказу РМ от 15.07.2016 г. №70

Appendix №2

to the Order of the director of Service of information and safety of the Republic of Moldova of July 15, 2016 No. 70

Special conditions of activities of service providers on certification of application of the digital signature

I. General provisions

1. Special conditions of activities (further - Special conditions) suppliers of certified services in scope of the digital signature (further - suppliers) are developed according to Law No. 91 provisions of May 29, 2014 on the digital signature and the electronic document.

2. Special conditions establish general requirements to suppliers and their infrastructure, the organization of the main procedures of suppliers, to management system information security, and also specific actions for registration, the organization and check of activities of suppliers.

3. Special conditions are the regulating document in the field of the digital signature and are obligatory for all legal entities rendering services in certification of open keys and other types of service connected with the digital signature.

4. In these special conditions the following concepts are used:

the user of the digital signature - physical person or legal entity, and also the device or appendix using services of the supplier;

identification - assignment to subjects and access objects of the identifier and/or comparison of the shown identifier with the list of the appropriated identifiers;

authentication - check of accessory to the subject of access of the identifier shown them, authenticity confirmation;

integrity - reliability, consistency and relevance of information, its security from destruction and unauthorized change;

availability - opportunity to obtain the information required or information service during the satisfying period of time;

confidentiality - information security from unauthorized disclosure;

the means of cryptographic information security (MCIS) - hardware, program and the hardware and software, systems and complexes realizing the algorithms of cryptographic transformation of information intended for protection of integrity and confidentiality of information in case of its processing, storage and transfer on communication channels;

the certificate revocation list - the list of certificates of open keys which it is suspended or stopped before the termination of term of their action, created by the supplier;

technical and cryptographic information security - information security using ad mathematical (cryptographic) hoc methods, program, technical, program and technical and other means, and also organizational and technical procedures;

information security from leakage - package of measures, directed to prevention of uncontrollable distribution of the protected information on technical and collateral channels by means of special technical means;

information security from unauthorized access - package of measures, directed to prevention of receipt of the protected information by the interested subject with violation of the rights or rules of access to the protected information established by legal documents or the owner (owner) of information;

information security from inadvertent impact - package of measures, directed to prevention of inadvertent impact on the protected information owing to the mistakes of the user, failures of the program technical means, the natural phenomena or other reasons which are not directed to change of information, but leading to misstatement, destruction, copying, blocking of information access, and also to its loss, destruction or failure of functioning of the material data carrier;

security policy - set of the documentary management decisions directed to information security technical and software of information systems.

II. Services and procedures of the supplier

5. The supplier renders obligatory and optional services in the field of the digital signature.

6. Obligatory service is the service in certification of open keys of physical persons.

7. The supplier can render the following optional services:

1) certification of open keys of the services provided in the information sphere and information services of e-mail, VPN, web, etc.;

2) imposing of tag of time;

3) other services in the sphere of the digital signature.

8. In the course of provision of services on certification of open keys of physical persons the supplier shall provide accomplishment of the following procedures:

1) registration of physical person;

2) creation (release) of the certificate of open key of physical person;

3) suspension of action of the certificate of open key of physical person;

4) renewal of action of the certificate of open key of physical person;

5) withdrawal of the certificate of open key of physical person;

6) publication of certificates of open keys;

7) distribution of information on the suspended and withdrawn certificates (certificate revocation lists).

9. The supplier provides process of administration (management) of certificates of open keys by complex accomplishment of the specified procedures.

III. The general requirements imposed to the supplier

10. The objects used by the supplier shall belong to it on the property rights.

11. The supplier shall use the smoothed-out devices of creation of the digital signature, the device of verification of the digital signature and products of the digital signature having the certificate of conformity issued according to the current legislation.

12. The organization of internal operating mode of the supplier shall exclude possibility of unauthorized physical access to the smoothed-out devices of creation of the digital signature, devices of verification of the digital signature and products of the digital signature, their unauthorized use or modification.

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SojuzPravoInform LLC. UI/UX design by Intelliants.