On the request of AMP Logistics B.V. (hereafter referred to as: AMP), the annual certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The full audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”), as defined in AMP’s Statement of Applicability, dated 8 January 2024, and the Overview of Applicability, dated 9 January 2024.
A scope extension audit was performed in January 2024 as a point-in-time audit. Refer to the information below marked (*).
The scope of the assessment comprised the following Trust Service components provided to (qualified) Trust Service Providers:
- Registration Service
- partly, identity proofing of natural persons – with physical presence
- partly, identity proofing of natural persons – Unattended remote identity proofing, "Automated operation" (*)
- Subject Device Provision Service (partly, delivery of QSCD/SSCD).
These Trust Service components are being provided for the following (qualified) trust services as defined in Regulation (EU) 910/2014 (eIDAS):
- Issuance of qualified certificates for electronic signatures (qualified trust service), in accordance with the policy: QCP-n-qscd;
- Issuance of qualified certificates for electronic seals (qualified trust service), in accordance with the policy: QCP-l-qscd;
- Issuance of qualified certificates for website authentication (qualified trust service), in accordance with the policy: QCP-w.
The Trust Service component practices are described in the following document (*):
- AMP Groep - Trust Service & Identity Proofing Practice Statement (TSIPPS) voor "AMP Groep Persoonsidentificatie via de app", dated: 26-01-2024, effective date: 29-01-2024.
Our annual certification audit was performed in January 2024. The result of the full audit is that we conclude, based on the objective evidence collected during the certification audit for the period from 1 February 2023 through 31 January 2024, that the areas assessed during the audit were generally found to be effective, based on the applicable requirements defined in AMP’s Statement of Applicability, dated 8 January 2024, and the Overview of Applicability, dated 9 January 2024.
The result of the scope extension audit (*), based on the objective evidence collected during the audit as per 29 January 2024, is that:
- we conclude that the areas assessed during the audit were generally found to be effective, based on the applicable requirements defined in AMP Groep's Statement of Applicability, dated 24 January 2024 and the Overview of Applicability, dated 23 January 2024.
- we confirm that the following identification method provides equivalent assurance in terms of reliability to physical presence, pursuant to Regulation (EU) 910/2014 (eIDAS) art. 24.1 sub d, for the Trust Services component (and Identity Proofing Context) covered by this Certificate of Conformity:
“AMP Groep Persoonsidentificatie via de app”, supporting the ETSI TS 119461 Use Case for Unattended remote identity proofing (9.2.3): "Automated operation" (9.2.3.4).
Audit information
Audit criteria:
- Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Chapter III – Trust Services.
- ETSI EN 319 411-2 v2.4.1 (2021-11) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates; Part 2: Requirements for trust service providers issuing EU qualified certificates, for the policies: QCP-n-qscd, QCP-l-qscd, QCP-w;
Supporting audit criteria to Regulation (EU) 910/2014 and ETSI EN 319411-2:
- ETSI EN 319 401 v2.3.1 (2021-05) General Policy Requirements for Trust Service Providers
- ETSI EN 319 411-1 v1.3.1 (2021-05) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements, for the policies: NCP+, OVCP, PTC;
- ETSI TS 119 461 v1.1.1 (2021-07): Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service components providing identity proofing of trust service subjects, incl. applicable requirements included by reference from ETSI EN 319 401 v2.3.1
- CA/Browser Forum – Baseline Requirements Certificate Policy for the Issuance and Management of Publicly-Trusted Certificates, v2.0.1 (17 August 2023)
- CA/Browser Forum – Network and Certificate System Security Requirements v1.7 (5 April 2021)
- PKIoverheid - Programma van Eisen v4.11, deel 3 Basiseisen, deel 3 Aanvullende eisen and the requirements from parts 3a, 3b, 3c, 3d, 3g, 3h, 3i. (28 February 2023)
Audit Period of Time:
1 February 2023 through 31 January 2024
Audit Point in Time (for (*)):
29 January 2024
Audit performed:
January 2024
Information and Contact:
BSI Group The Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL