EETT Decision 295/65 “Regulation on the Voluntary Accreditation of Certification Service Providers” establishes  the Voluntary Accreditation criteria and procedures for Electronic Signature Certification Service Providers.

Following you can find brief information on the national Voluntary Accreditation scheme.

Criteria for the Voluntary Accreditation of Certification Service Providers:

• The Certification Service Provider must demonstrate its compliance with the requirements of PD 150/2001 and EETT Decision 248/71/2002, as well as with all other regulations regarding the issuance of Qualified Certificates.
• The beneficiaries to which a Secure Cryptographic Module or Secure Signature Creation Device conformity certificate has been issued pursuant to the provisions of EETT Decision 295/64/2003 on a Regulation on the Conformity Control of Secure Signature Creation Devices and Secure Cryptographic Modules, are required to see to the satisfaction of the requirements of the surrounding space in order to ensure the following functions: a) generation of the Signature Creation Data they use for signing the Qualified Certificates of beneficiaries and the information about the status of Certificates, b) generation of the Signature Creation Data of the beneficiaries of Qualified Certificates, c) signature of the Qualified Certificates of beneficiaries, d) signature of information regarding the status of Certificates.
• The security of the services provided of beneficiaries must have been assessed by the Body for Voluntary Accreditation in accordance with the procedure laid down in Article 5 of Regulation on the Voluntary Accreditation of Certification Service Providers (EETT Decision 295/65/10-10-2003).
• The Certification Service Provider stating to the beneficiaries of Qualified Certificates, to EETT or third parties that the Signature Creation Data of the beneficiaries of Qualified Certificates are generated by or stored in or applied by means of a Secure Signature Creation Device, must be able to demonstrate how that is ensured.

The procedure for Voluntary Accreditation begins upon request by the interested CSP to the Body for Voluntary Accreditation.

The Body for Voluntary Accreditation shall check the security of the services provided by such interested party with regard to the suitability of the security measures and their implementation.

The interested party shall submit to the Body for Voluntary Accreditation the following documents:

a) The Conformity Certificates issued by the Body for Products which must correspond to the products used by the interested party. The Body for Voluntary Accreditation shall check in particular the validity of the above Certificates and whether the requirements of the surrounding space referred to in them are effectively implemented by the interested party.

b) A Security Report including at least the following:

•  a description of the facilities and necessary technical and organizational security measures and their suitability,
•  a list with the products used for creating Advanced Electronic Signatures,
•  the security measures provided for in order to ensure the uninterrupted provision of the services, especially in cases of emergency,
•  the file and data protection measures,
•  a description of the procedures in place for ensuring the reliability of the personnel employed,
•  the documents describing the Certification Policy and the Certification Practice Statement of the Certification Service Provider.

The Body for Voluntary Accreditation checks the implementation of the security measures described in the Report, proceeding to autopsy to that end.

Should conformity of the interested party be assessed, the Body for Voluntary Accreditation  issues a Conformity Certificate.

The Voluntarily Accredited Certification Service Provider shall be evaluated every three (3) years in order to assess its conformity.

The procedure for the Voluntary Accreditation of Certification Service Providers is described in article 6 of the “Regulation on the Voluntary Accreditation of Certification Service Providers”.

The applicable for Voluntary Accreditation shall submit a written application to EETT where it shall submit supporting documents as described in article 6 , par. 2 of the Decision 295/65. In the documents is included, among others, the Conformity Certificate issued by the Body for Voluntary Accreditation.

ΕΕΤΤ, taking in account the above, by means of a justified decision, decides on the Voluntary Accreditation of the applicant.

ΕΕΤΤ supervises all accredited Certification Service Providers. To that end, ΕΕΤΤ or the persons designated by it are entitled ex officio or following a complaint to request information and carry out inspections at the premises of establishment and operation of accredited Certification Service Providers.

Should be noted that for the time being, no Body has been designated for the conformity assessment of CSPs according to the criteria for Voluntary Accreditation.