
General

This page describes the tasks that the RA Security Officer performs and his responsibilities in the administration of e-identities in the RA organization.

Qualifications  

Before a person is assigned the role of RA Security Officer, an identity check must be made by a representative within the RA organization with the applicable mandate. At the identity check, the person who shall be assigned to the role must present a valid and nationally approved identity document.

A background check must be done on the person that is assigned the role.

The person assigned the role must not have another assignment within or outside the RA organization that can be considered to conflict with the work as RA Security Officer. Examples of such assignments are other RA roles, like RA Auditor or any other RA Officer role.

The RA Security Officer must have sufficient training, time, and resources set aside to carry out his assignment.

Responsibilities and Duties

The following tasks are performed by the RA Security Officer:

  • Has the overall responsibility for establishing an RA domain with sufficient human resources to fulfill the organization's commitments.
  • Is responsible for ensuring that the RA domain complies with the rules and procedures of Pointsharp Secure Cloud Net iD regarding the application, ordering, handing out, and revocation of e-identities to persons related to the RA organization.
  • Is responsible for ensuring that all individuals who have an RA role have adequate knowledge and are suitable to maintain the organization's commitment over time.
  • Is responsible for the management of permissions for other RA roles within the RA domain for access to the Pointsharp Secure Cloud Net iD Portal, if not handled by Pointsharp (RA organizations strictly handling LoA2).
  • Is responsible for reporting security incidents and defects to Pointsharp.
  • Is responsible for submitting the Declaration of Compliance to PsPT.
  • Is responsible for evaluating the RA domain's compliance with processes for the management of subscribers and e-identities.
  • Carries out risk analyses within the RA domain.
  • Contributes to the establishment and management of continuity plans within the RA domain with tested and documented procedures.
  • Is responsible for performing identity checks and background checks of the persons who will be assigned the following roles within the RA:
    • RA Central Officer
    • RA Local Officer
    • RA Report Officer
    • RA Helpdesk Officer
    • RA Auditor
  • Is responsible for the education of the RA officers.
  • Is responsible for checking and evaluating compliance with the RA's obligations according to the Customer Agreement, the RA Trust Framework, and the CP/CPS for Pointsharp Secure Cloud Net iD SweID.

Other

If the RA Security Officer leaves the role, the RA organization must appoint a new RA Security Officer. During the absence of an RA Security Officer, the main Security Officer or another person responsible for security management at the RA organization temporarily takes over the obligations normally incumbent on the RA Security Officer. The name of the new person appointed to the RA Security Officer role or any temporary appointment of the role must be reported to PsPT at the time of the appointment.

In the absence of an RA Auditor, the RA Security Officer temporarily takes over the obligations normally incumbent on the RA Auditor. However, the RA Security Officer must not obtain corresponding authorizations in The Service.
