The legal relationship with ZealiD
There are two reasons why working with a qualified trust service provider such as ZealiD will make your life simple. Or at least that of your compliance department.
- Firstly, issuing certificates to the public is a regulated business activity so you don't need to contractually ensure that your own information security policy is met. Simply speaking, you are not subcontracting a service. To start with, you don't have a legal right, unless you are a QTSP, to issue certificates and to perform identification. But more importantly, qualified trust service providers' information security policy is enforced by law and standards. It is conformity assessed and supervisory body authorized.
- Secondly, all material information is available on a qualified trust service provider's public repository. Regulation and standards require specific practice statements to be published, containing all necessary information on all vital information security aspects, such as certificate life cycle, liabilities, insurance policies, terms & conditions, and much more. This gives your compliance department full transparency and allows them to save time and money by simply trusting a supervisory authority and leading security assessment bodies.