SkIDentity certified by BSI according to ISO 27001 and by TÜViT according to Trusted Cloud Privacy Profile

ecsec GmbH today has received the certificate according to the “Trusted Cloud Privacy Profile for Cloud Services” (TCDP), issued by the certification body of TÜV Informationstechnik GmbH (TÜViT), for the highest protection class III. Furthermore the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) has certified the “Secure Cloud Infrastructure (SkIDentity)” in accordance with ISO 27001 based on IT Baseline Protection (BSI-IGZ-250).

Privacy and data security as foundation for successful digital transformation

At today’s closing ceremony of the pilot project “Data Protection Certification for Cloud Services” not only the remarkable project results including the catalogue of evaluation criteria based on ISO/IEC 27002 and ISO/IEC 27018 were presented, but also the certificate for SkIDentity according to the “Trusted Cloud Privacy Profile for Cloud Services” issued by the certification body of TÜV Informationstechnik GmbH (TÜViT) has awarded to ecsec GmbH. As it has been demonstrated within the evaluation and certification procedure, the SkIDentity Service fulfils the demanding requirements for the highest protection class III and hence it may be used for processing particularly sensitive data in a legally compliant manner.

SkIDentity technology is now not only distinguished, but also certified

The multiple award-winning¹ SkIDentity Service (https://skidentity.com) was developed in the scope of the “Trusted Cloud” initiative supported by the German government. Using SkIDentity, electronic identity documents (eID), such as the German electronic identity card “Personalausweis”, can be easily used in cloud and web applications. SkIDentity in particular allows to derive cryptographically protected “Cloud Identities” from any eID document, which can be transmitted to any smartphone and used there for the strong pseudonymous authentication or a self-determined identity proofing in the cloud. Thanks to SkIDentity, no passwords need to be stored in web applications and therefore there is no risk that they could be stolen or misused.

As shown in the certificate (BSI-IGZ-250) issued by the Federal Office for Information Security, the scope of the security assessment and certification according to ISO 27001 based on IT Baseline Protection did not only comprise the identity management service of SkIDentity, but the full blown “Secure Cloud Infrastructure (SkIDentity)”, which can be used for highly reliable operation of other cloud and web applications. “The processing of sensitive data in cloud services requires high security standards. A transparent proof of the correct implementation of an appropriate security concept can only be provided within an independent certification procedure,” adds Bernd Kowalski, Head of Department in the Federal Office for Information Security. “Within the certification of SkIDentity it was shown that even the demanding requirements associated with the use of the German electronic identity card in cloud services, can be proved to be satisfied via an ISO 27001 certification based on IT Baseline Protection.”

¹ See https://www.skidentity.com/en/awards/ .