About tScheme and its Organisation

tScheme is the independent, industry-led, self-regulatory scheme set up to create strict assessment criteria, against which it will approve Trust Services.

tScheme approval will therefore be an essential element in providing a level of assurance to individuals and companies using or relying upon e-business transactions. tScheme is taking a strong lead in Europe through this commitment to industry-led self-regulation, rather than government-led legislation. As a key element of this self-regulatory focus, tScheme's objective is to continue to be the preferred option for fulfilling Part I of the UK's Electronic Communications Act 2000.

Membership of tScheme is actively encouraged across all interested sectors of industry, and a broad range of organisations are already represented and contributing to its development. Contributions from representatives of the end user community who need to rely on Trust services are also particularly welcome, to ensure that tScheme continues to address real market needs and user priorities.

tScheme has now announced its first wave of service Approvals. For details of tScheme's Approvals, please see the Directory pages. These were granted following assessment against the tScheme Approval Profiles (currently at Issue 3). tScheme has also developed a full range of Model Agreements are which in place and ready for signature with TSPs seeking or being awarded tScheme approval for specific electronic trust service(s). Strict procedures are also in place to ensure that tScheme manages its approvals process in an objective, transparent, proportionate and non-discriminatory manner.

tScheme also considers formal requests for the grant of tScheme Registered Applicant status from TSPs embarking on the process. For details of current Registered Applicants, please click here. This does not imply any form of tScheme approval, but formally recognises the serious commitment of time and resources the TSP has undertaken to dedicate to completing the process by an agreed date.



Introduction
Objectives
The tScheme Process
Approval Profiles
Ongoing Assurance, Redress and Sanctions
Organisation - Board; Secretariat; Approvals Committee.
National and International relationships
Key Dates
Participating Organisations

You can also have a visual presentation of some of this information in PowerPoint format, available on the Library page


1. Introduction

In 1998 a group of UK trade organisations formed the Trust Services Group. This group became a powerful force in the lobbying against certain government strategies at the time, which proposed to enforce a strict regulatory regime covering the provision of encryption-based services.

The tScheme initiative was subsequently developed, and was incorporated in May 2000 as an independent limited company. Since that time considerable resources have been contributed by the tScheme Members to the successful development and implementation of an objective, transparent, proportionate and non-discriminatory scheme for Trust Services industry self-regulation, within the context of the EC Directive [1999/93/EC ‘Electronic Signatures’].

tScheme has a growing range of Members and contributors representing all those interests identified above. Several tScheme Member organisations are or plan to become Trust Service providers, who will seek to become approved under the scheme, submitting their Services for full assessment in exactly the same way as non-Member TSPs. There is also growing interest from outside the UK in developing similar schemes, or in applying for approval under the UK initiative.

Back to top

 

2. Objectives

tScheme aims to provide assurances by developing sets of criteria, known as Approval Profiles, against which trust service providers can independently be assessed for each of the trust services they wish to provide for clients. This independent assessment will be carried out by tScheme-Recognised assessors against tScheme Approval Profiles.

tScheme aims to ensure continuity of assurance. Trust service providers satisfactorily meeting tScheme criteria and thereby qualified to carry the tScheme Mark on assessed services offered will be bound by contractual terms to ensure that good practice continues. The validity of the Mark will need to be renewed, and the Mark can also be revoked.

tScheme will mandate independent accreditation of the Assessing Bodies who in turn will be auditing electronic trust services being offered by electronic trust service providers seeking tScheme approval.

tScheme will apply oversight with a redress and sanctions capability to enforce conditions of approval.

tScheme works closely with HMG to make UK the "best and safest" place in the world for e-Commerce and provides an effective voluntary approvals regime for cryptographic services, making it unnecessary for the Secretary of State to invoke powers under Part 1 of the Electronic Communications Act 2000 to establish a statutory authority.

tScheme expects to provide the supervisory functions within the scope of the European Directive. tScheme will not duplicate the work of other bodies in similar areas nor new standards, but will employ and seek to complement whatever credible and effective standards and codes of conduct already exist. It will focus on the specialist needs of electronic trust service users and providers.

tScheme is very active internationally and continues to further international co-operation and mutual recognition.

Back to top

 

3. The tScheme Process

tScheme approves the combination of specific services offered by a specific organisation. The process for approving a service involves a number of discrete steps:

  1. tScheme develops, authorises and publishes an appropriate range of Approval Profiles;
  2. an independent organisation - UKAS in the UK - working with tScheme accredits suitably qualified assessors to undertake audits against the Approval Profiles. Such assessors are recognised by tScheme;
  3. a Trust Service Provider (TSP) engages a recognised assessor to audit its defined services against the appropriate profile or profiles and receives an assessment report;
  4. the TSP applies to tScheme Limited for formal grant of approval, citing the assessor's report certifying compliance;
  5. tScheme considers the assessment report and, if satisfied, invites the TSP to sign a contract covering the service provider's use of the tScheme Mark and the attendant conditions, and to pay the approval fee;
  6. tScheme adds the TSP to its web-based directory of approved services. The TSP displays the Approved Service Mark for the period of its contract with tScheme thereby indicating to its service users that the service conforms to standards which are deserving of trust.

Back to top

 

4. Approval Profiles

Approval profiles are designed to establish the following:

The process of writing the profiles is always on going; they are periodically reviewed by our member-driven Profiles and Process Committee. The Profiles are currently at "Issue 3".

The Issue 3 Approval Profiles can be found by in the Profiles section of the website. They are copyrighted, but are free, providing they are ordered (to track the distribution).

It is the intention of tScheme not to extend existing market standards unnecessarily. To that end Approval Criteria recognise evidence of prior qualifications as far as possible, and may take these into account where they arise from membership of other regulatory regimes.

This allows sector-specific qualifications as satisfactory evidence, for example authorisation by the Financial Services Authority, for compliance with the requirements for financial probity.

Back to top

 

5. Ongoing Assurance, Redress and Sanctions

On-going conformity is assured through periodic re-assessment plus random audits carried out by a tScheme-Recognised assessor. The approval contract between tScheme and the service provider binds the service provider to redress and commensurate sanction procedures in the case of justified complaint or observed failure. The possible penalties include orders for immediate correction, compensation of those injured and termination of approval rights. Those found to have breached their obligations will have rights of appeal as specified in their approval contract.

tScheme aims to be an open and transparent organisation. Membership is open to all organisations, and our accounts are published at Companies House. tScheme is registered under the Data Protection Act.

Back to top

 

6. Organisation

tScheme Limited is established in the UK as an independent, self-sustaining, not-for-profit company, limited by guarantee. It is an open and neutral organisation, seeking membership through subscription from all sectors of the community, including Trust Service Providers and Technology Suppliers from industry, Users, Government, Trade Associations, Consumer Groups, Financial Institutions, and Certification Bodies.

Although a not-for-profit organisation, tScheme must obtain sufficient income to fund the work needed to meet its objectives. It is self-funding from membership subscriptions and from charges made for the granting of tScheme approval and use of the tScheme Mark. A Board of directors is elected by the whole membership through a process which ensures all types of member are properly represented. The Board is responsible for ensuring the balance and neutrality of the tScheme operation. The Board will make decisions on policy and budget, oversee the work programme of tScheme through the offices of an appointed Chief Executive officer and ratify Approvals Profiles prepared by an expert committee. An independent Approvals Committee reporting to the board considers applications from assessed Trust Service Providers for formal grant of tScheme approval.

An expert group of all members, is primarily responsible for the development and maintenance of the technical aspects of tScheme. The key body within this group is the Profiles & Processes Committee, which is responsible for developing the Approval Profiles against which trust services will be assessed. The Profiles & Processes Committee can propose the establishment of working groups with appropriate expertise to undertake specific activities as necessary to support approved work programme’s. A Secretariat has been formed as the permanent resource responsible for supporting day-to-day operation of tScheme committees, for document management and distribution, and for updating Website content.

Back to top

 

7. National and International relationships

Within the European context, tScheme operates as a voluntary accreditation scheme for Trust Service Providers as recognised by Article 3(2) and 7(1)(a) of the European Directive 1999/93/EC. Its industry-led basis, rather than a national statutory one, makes it attractive as an approval body for providers based in other countries, including other member states of the European Union. One aim of tScheme is to grow relationships beyond the UK’s borders on the basis that many trust service providers wish to operate internationally. This also serves to engender consumer trust in cross-border transactions. tScheme will co-operate with equivalent organisations across Europe and elsewhere with a view to extending co-operation and mutual recognition. tScheme's readiness to accept into its Approval Profiles existing standards mandated by other bodies aids in creating the desired inter-locking systems of mutual recognition across Europe and elsewhere.

tScheme co-operates with the European Electronic Signature Standardisation Initiative, providing input into the EESSI programme, recognising within its Approval Profiles the standards EESSI produces, and inviting specialists from EESSI to review and comment on Approval Profiles.

Back to top

 

8. Key Dates

Back to top

 

9. Participating Organisations

The current subscribing members are:

BT Global Services
Cabinet Office
DWP (Department for Work and Pensions)
Experian
Mydex
UK Payments Council

In addition many other commercial and Government organisations and individuals contributed to the early development of tScheme including: Baltimore; British Bankers' Association; British Chambers of Commerce, CBI; CCTA; Consumers' Association; Customs & Excise; DMA; EDS; Hitachi; Inland Revenue; Lloyds TSB; MicroSoft; NCC; Sun Microsystems; Vodafone.

If you would like to find out more about membership including current fees and how to apply for membership, then please visit the Members area.

Back to top