Note:

Sorry, we are still working on the translation of our website. A lot of information is currently only available in German.

Trust Center Information Security Management System

 

The Trust Center of Deutsche Telekom Security GmbH operates an Information Security Management System (TC ISMS for short) in accordance with the international standard DIN EN ISO / IEC ISO27001. In addition, the security requirements of other national and international standards are implemented. In particular, the requirements of the BSI guideline TR-03145 (Secure CA Operation) and the European ETSI standards EN 319401 (General Policy Requirements for Trust Service Providers), EN 319411-01 (Policy and security requirements for Trust Service Providers issuing certificates; General Requirements) and EN 319-411-02 (Policy and security requirements for Trust Service Providers issuing certificates; Requirements for trust service providers issuing EU qualified certificates).

 

In addition to implementing the organizational, procedural, technical and infrastructural requirements of the aforementioned standards, the Trust Center ISMS takes into account the legal requirements of the European EU regulation eIDAS and the Trust Services Act (formerly SigG / SigV) for qualified trust service providers and is subject to the supervision of the responsible federal authorities (BNetzA) and BSI).

Deutsche Telekom has defined binding internal security procedures and models. The "Privacy & Security Assessment" (PSA procedure for short) and the "Enterprise Security Architecture for Reliable ICT Services" (ESARIS) form the basis for the consistent implementation of and compliance with all ISMS requirements.

The technical systems of the Trust Center are operated in a fully redundant security data center that is audited in accordance with Trusted Site Infrastructure TSI V3.2 Dual Site and is certified accordingly.

The mandatory components of the TC ISMS, the secure technology and infrastructure, the security organization, the security processes and the security documentation are permanently checked and continuously improved as part of an active Plan-Do-Check-Act procedure.

In order to meet the particularly high standards of quality and reliability of the Trust Center ISMS, regular internal audits and a large number of external audits and certifications take place.