Acts Online
GT Shield

Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002)

Accreditation Regulations

1. Definitions

 

In these regulations any word or expression to which a meaning has been assigned in the Act shall have the meaning so assigned and, unless the context otherwise indicates—

 

"audit"

means, in general, an audit by an auditor in compliance with Chapter VI of the Act and these regulations, and in the case of a certification service provider whose authentication products or services are based on Public Key Infrastructure "audit" means an audit by an auditor in compliance with Chapter VI of the Act and these regulations, including an audit in accordance with WebTrust, and "audit report" has a corresponding meaning;

 

"auditor"

means an independent auditing firm contemplated in section 36(1)(c) of the Act that has been nominated by the South African Accreditation Authority to the Panel of Auditors specified on its website;

 

"certification practice statement"

means a statement issued by a certification service provider to specify the practices that it employs in generating and issuing certificates;

 

"certificate policy"

means a named set of rules that indicates the applicability of a certificate to a particular community or class of application or both such community and class, as the case may be, with common security requirements;

 

"constitutive documents"

means, in the case of—

(a) a legal person, certified copies of the memorandum and articles of association, certificate of incorporation or founding statement, as the case may be;
(b) a natural person, his or her ID book or passport;
(c) a partnership, the partnership agreement; or
(d) a trust, the trust deed;

 

"evaluator"

means any expert consultant engaged by the South African Accreditation Authority to monitor, inspect or evaluate an authentication service provider or its authentication products or services resulting in and used to support an electronic signature, to ensure compliance with Chapter VI of the Act and these regulations;

 

"SANS 21188"

means SANS 21 188:2006, Public key infrastructure for financial services - Practices and policy framework, a South African National Standard adopted by the South African Bureau of Standards on 13 October 2006;

 

"ITU X.509"

means the International Telecommunication Union's recommendation X.509, Information technology - Open systems interconnection - The directory:Public-key and attribute certificate frameworks, approved in August 2005;

 

"PKI"

means Public Key Infrastructure;

 

"reliance limit"

means the monetary limit specified for reliance on an advanced electronic signature;

 

"revoke"

means, in relation to a certificate issued by a certification service provider, to terminate the operational period of a certificate from a specific time;

 

"SABS/ISO 17799"

means the code of practice for information security management accepted as a national standard by the South African Bureau of Standards (SABS ISOIIEC 17799) in accordance with SABS procedures on 16 February 2001;

 

"signature creation data"

means unique data, such as codes or private cryptographic keys, that are used by the signatory identified in a digital certificate to create an electronic signature;

 

"signature verification data"

means data such as codes or public cryptographic keys that are used for the purpose of verifying an electronic signature;

 

"South African Accreditation Authority"

means the Accreditation Authority established in terms of section 34 of the Act;

 

"suspend"

means, in relation to a certificate issued by a certification service provider, to suspend temporarily the operational period of a certificate from a specific time;

 

"the Act"

means the Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002);

 

"trustworthy system"

means computer hardware, software systems and procedures that comply with the criteria contemplated in section 38(3) of the Act;

 

"WebTrust"

means the principles and criteria of the WebTrust Program for Certification Authorities developed by the American Institute of Certified Public Accountants, Inc. and the Canadian Institute of Chartered Accountants.