General

Description of the tasks that the RA Security Officer performs and what his responsibilities are in the administration of the e-identities in the RA organization.  

The Qualifications section is only valid for those who claims to be LoA compliant. 

The Responsibility and Duties section has one Basic part and one Extended part. The Extended part is valid for LoA compliant organizations. 

Qualifications  

Before a person is assigned the role of RA Security Officer, an identity check must be made by a representative within the RA organization with the applicable mandate. At the identity check, the person who shall be assigned to the role must present a valid and nationally approved identity document.

A background check must be done on the person that is assigned the role.

The person assigned the role must not have another assignment within or outside the RA organization that can be considered to conflict with the work as RA Security Officer. For example, other RA roles like RA Auditor or any other RA Officer role.

The RA Security Officer must have sufficient training, time, and resources set aside to carry out his assignment.

Responsibilities and Duties

The following tasks are performed by the RA Security Officer.

Basic

• Has the overall responsibility for establishing an RA domain with sufficient human resources to fulfill the organization's commitments.
• Is responsible for ensuring that the RA domain complies with the rules and procedures of Pointsharp Secure Cloud Net iD regarding the application, ordering, handing out, and revocation of e-identities to persons related to the RA organization.
• Is responsible for ensuring that all individuals who have an RA role have adequate knowledge and are suitable to maintain the organization's commitment, over time.
• Is responsible for the management of permissions for other RA roles within the RA domain for access to The Service Portal, if not handled by Pointsharp (RA organizations strictly handling LoA2).
• Is responsible for reporting incidents and deviations to Pointsharp.

Extended (in addition to the Basic)

• Is responsible for evaluating the RA domain's compliance with processes for the management of subscribers and e-identities.
• Carries out risk analyzes within the RA domain.
• Contribute to the establishment and management of continuity plans within the RA domain with tested and documented procedures.
• Is responsible to do identity checks and background controls of the persons that will be assigned the following roles within the RA:
  • RA Central Officer
  • RA Local Officer
  • RA Report Officer
  • RA Helpdesk Officer
  • RA Auditor
    
• The RA Security Officer is responsible for the education of the RA officers.