Obtain accreditation as a De-Mail service provider Unfortunately this specification of service has not yet been completely translated.
De-Mail provides a secure infrastructure for digital communication. De-Mails are similar to e-mails, but more secure: the identities of sender and recipient cannot be falsified and messages are transmitted exclusively via encrypted channels. Citizens, companies and administrations can communicate securely via the service. This infrastructure is operated by accredited De-Mail service providers (DMDAs). If you want to become a DMDA, you need to be accredited. You can apply for this accreditation from the BSI. For this, you have to fulfil technical, organisational and data protection requirements. For example, you must provide proof of insurance with certain coverage amounts and obtain certificates from the Federal Commissioner for Data Protection and Freedom of Information. If you are accredited, you will receive a quality mark. This quality mark allows you to advertise the technical and administrative security of your services. Accreditation is valid for three years, after which you must apply for re-accreditation. Before you apply, you can meet with BSI staff. In an informational interview, they can explain the accreditation procedure to you, as well as the associated organizational issues and costs.
General evidence about the company: Company description, extract from the commercial, cooperative, partnership or association register, Copy of business registration and Insolvency certificate (self-insurance) that the company is not in insolvency or liquidation. The general proofs about the company must not be older than six months. Further required proofs: Test certificates from certified IT security service providers De-Mail with the associated test reports (not older than six months), a data protection certificate from the Federal Commissioner for Data Protection and Information Security, and Evidence of: reliability, expertise and coverage.
Forms: Application for accreditation as a De-Mail service provider. Online procedure possible: no Written form required: yes Personal appearance required: no
As a De-Mail service provider you must: possess the reliability and expertise required for the operation of De-Mail services, have appropriate insurance cover to meet compensation for possible damages, meet the technical and organisational requirements to provide the services reliably and securely, and comply with data protection requirements in the design and operation of De-Mail services.
You must apply for accreditation as a De-Mail service provider in writing. BSI recommends that you give informal notice of your application before collecting evidence. Application stage: The BSI will offer you an informational interview prior to submitting your application. During the interview, you can find out about the effort involved in the procedure as well as possible costs. Then complete the application form in full and send it to BSI with all the necessary documents. The BSI will check your application for formal correctness and completeness. It will also check your submitted evidence for formal and factual correctness, completeness and validity. The result of the assessment of your application is summarised by the BSI in an accreditation report. If you need to amend the submitted documents, the BSI will inform you of this. Assessment phase: Based on the assessment of your application and the supporting documents, the BSI decides on your accreditation. It will notify you of its decision in writing. If you are accredited, the BSI will give you an accreditation certificate, the quality mark and a report on your accreditation. You must renew your accreditation after three years at the latest. Before a negative decision is sent, the BSI will inform you of the reasons for the rejection. You can comment on this within two weeks. If possible, BSI will give you the opportunity to rectify the deficiencies. Operational phase: Once your accreditation is complete, the operational phase begins: you may now offer your De-Mail services. From the time of accreditation and commencement of operation of the De-Mail services, you are subject to supervision by the BSI. This obliges you to do the following things: You must report security vulnerabilities immediately. You must grant BSI staff access to business premises and relevant documents. You must inform the BSI immediately of any changes at your company that affect the accreditation requirements. The BSI ensures continuous cooperation by holding meetings and workshops on an ad hoc basis. Under certain conditions, the BSI may temporarily prohibit you from operating.