Index of documents supporting the Grant of Approval to the Metropolitan Police Service’s Enterprise PKI Service.

1. What the tScheme Approved Service Mark signifies.
2. Approved Service - Service Description
3. Approval Profiles used in the assessment:
   

   Base Approval Profile	tSd0111	3.00
   Approval Profile for Registration	tSd0042	3.02
   Approval Profile for a Certification Authority	tSd0102	3.01
   Approval Profile for Signing Key Pair Management	tSd0103	3.02
   Approval Profile for Certificate Generation	tSd0104	3.01
   Approval Profile for Certificate Dissemination	tSd0105	3.01
   Approval Profile for Certificate Status Management	tSd0106	3.01
   Approval Profile for Certificate Status Validation	tSd0107	3.01

Back to Grant details

---

What the tScheme Approved Service Mark signifies

When a trust service carries the tScheme Mark, you can be secure in the knowledge that:

• the service has been thoroughly evaluated against rigorous criteria by independent experts;
  
  
• the service provider has agreed to keep to these criteria;
  
  
• the service provider subscribes to the tScheme Code of Conduct;
  
  
• the service provider has agreed to act promptly and fairly to remedy faults.
  
  

For each service, tScheme approval is regularly reviewed and may be withdrawn.

This Grant of Approval does not affirm or endorse any claims of conformance to standards or adherence to guidelines not explicitly listed as forming part of the service assessment.

top

---

Approved Service - Service Description

The subject service of this Grant of Approval is the Enterprise PKI Service from the Metropolitan Police Service.

The Metropolitan Police Service (MPS) has developed an Enterprise Public Key Infrastructure (PKI) to underpin IT security services and to enable electronic business within the organisation and with external parties, for example the NPIA for access to national police applications such as PND. The Certificate Policy (CP) for the MPS PKI Root Certificate Authority (CA) provides a full description of the Root Certificate Authority role, and in particular describes the legal, business and technical requirements for the Root CA. The policy should be read in conjunction with the associated Certificate Practice Statement (CPS), which describes ‘how’ these requirements are met in issuing certificates to CAs that are chained to the Root CA. The Root CA currently has two sub-ordinate CAs known as Sub-CA1 and sub-CA2, which are responsible for issuing, suspending and revoking certificates. The scope of the certificates issued by each Sub-CA is shown below:

• Authentication of end-entities and confidentiality (Sub-CA1)
• Digital signature (Sub-CA2)

top

---

The tScheme Code of Conduct

Participants in the electronic trust services industry strive:

• to act in an honest, fair, reasonable and trustworthy manner;
  
  
• not to bring electronic trust services into disrepute;
  
  
• to provide clear information about what each electronic trust service provides, including limitations and exclusions, to those who rely on that service;
  
  
• to meet service commitments and obligations;
  
  
• to be proactive in identifying and correcting faults and deficiencies in electronic trust services;
  
  
• to operate in accordance with appropriate standards;
  
  
• to act promptly in resolving complaints relating to electronic trust services.

top

 

copyright tScheme 2013 | Privacy | Accessibility | Designed by Infocuswebs.com