Trust service organization & processes

If you want knowledge and experience to set up your trust service organisation and processes.

What role does a Trust Service Provider fulfil?
Trust Service Providers (TSPs) are essential for establishing trust between parties conducting transactions electronically. For example, trust service providers provide reliable identity information and help establish secure communications between parties conducting digital transactions. Therefore, relying parties such as customers of electronic trust services must be able to rely on the security and reliability of these trust services. To this end, the TSP must have procedures, processes, and security measures to minimise operational and financial threats and risks.

Organisational and security measures for trust service providers

Every trust service provider must comply with minimum organisational and security measures regardless of the trust service being provided. Some strict requirements and standards must be met, particularly for Qualified Trust Service Providers (QTSP). For example, every QTSP must comply with the ETSI standard EN 319 401 - General Policy Requirements for Trust Service Providers. This standard includes measures in the areas of:

Risk assessment and treatment
Information security
Internal organisation
Human resources
Asset management
Access control
Cryptographic measures
Physical security
Operational security
Vulnerability and incident management
Logging and archiving
Business contingency
Audit and compliance
Supply chain

Cybersecurity is crucial for every trust service provider and every digital trust service. In addition to the ETSI EN 319 401 standard, additional requirements apply, such as the applicability of NIS2 and, if necessary, the ISO27001 standard.

Setting up processes for trust services

In addition, you also have the specific service requirements that you must meet as a TSP. For example, as a QTSP that issues certificates for digital signatures, you must comply with the ETSI standards EN 319 411-1 and EN 319 411-2. Other ETSI standards apply to other electronic trust services, such as:

ETSI EN 319 421 for qualified time-stamping services.
ETSI EN 319 422 for qualified electronic signature validation services

In short, different processes and requirements apply to each type of trust service.

Need support in setting up your organisation and processes?

Our people have the experience and knowledge to set up your organisation, the necessary measures and trust service processes following best practices. Please contact us to see how we can help you with this.

Machiel van Ginderen

"You don't get trust by saying what you do, but by showing what you do."

As a business expert, I have helped many organisations over the past 25 years with designing their organisational structure, information technology, business processes and control measures. The first years under the KPMG and General Motors flag, and later as an independent consultant and project manager. In my last role as COO, I built up the organisation and processes of the QTSP NotarisID.

With the House of Trust team, I help trust service providers set up the trust service organisation and specific processes.

Send Machiel a message

We are happy to help you with the issues below

Set up a trust service organization

Regardless of the trust service you offer, your organisation will have to be rock solid. This includes many measures to manage risks and guarantee quality following standards. We help you with the organisation's design. Of course, we prefer to do this with the people ultimately responsible for the trust service organisation.

Set up a trust service and processes

You must also have specific processes depending on which trust service you choose. We know the requirements and processes needed to run every trust service operationally. We help you set up trust services and associated processes from design to operational implementation.

Project management

We are exceptionally skilled at realising goals and deliverables on a project basis. This includes setting up a new trust service provider, one or more trust services, and their possible certification. We always do this with a few people from our team and together with the customer. This way, we achieve the fastest and best results together.

Trust service organization & processes

​​​

Organisational and security measures for trust service providers

Risk assessment and treatment

Information security

Internal organisation

Human resources

Asset management

Access control

Cryptographic measures

Physical security

Operational security

Vulnerability and incident management

Logging and archiving

Business contingency

Audit and compliance

Supply chain

​​

Cybersecurity is crucial for every trust service provider and every digital trust service. In addition to the ETSI EN 319 401 standard, additional requirements apply, such as the applicability of NIS2 and, if necessary, the ISO27001 standard.

​​

Setting up processes for trust services

ETSI EN 319 421 for qualified time-stamping services.

ETSI EN 319 422 for qualified electronic signature validation services

In short, different processes and requirements apply to each type of trust service. ​​​​​