CoSign Regulatory Information

Here you will find regulatory information pertaining to the use of CoSign electronic signatures in various countries.

Compliance with electronic signatures legislation & regulations

For many organizations, it is critical to protect their data at all times with PKI-based methods that meet the toughest regulations. CoSign complies with the most stringent regulations recognized worldwide, allowing organizations to take advantage of this built-in capability and meet these regulations.

CoSign complies with numerous worldwide regulations including:

» FDA's 21 CFR Part 11;
» Health Insurance Portability and Accountability (HIPAA);
» E-sign (Electronic Signature in Global and National Commerce Act);
» EU VAT Directive;
» EU Directive for Electronic Signatures;
» Uniform Electronic Commerce Act (UECA);
» ISO;
» Sarbanes Oxley; and
» FAA's CFR Title 14. This includes support for:

» Air carriers under 14 CFR parts 121, 129, or 135;
» Operators under 14 CFR parts 91, 125, 133, or 137;
» Persons performing airmen certification under 14 CFR parts 61, 63, 65, 141, and 142;
» Individuals performing maintenance or preventive maintenance under 14 CFR part 43;
» Repair stations under 14 CFR part 145; and
» Aviation maintenance technical schools under 14 CFR part 147.

CoSign protects your business in a court of law and will not be questioned for compliance.


CoSign certifications for Electronic Signatures

CoSign’s hardware is designed to meet FIPS 140-2 Level 3 NIST standard requirements. CoSign also follows the internationally approved Common Criteria security standard (ISO/IEC 15408), and is currently undergoing Common Criteria EAL 4+ evaluation with the Secure Signature Creation Devices (SSCD) Protection Profile (CEN-CWA 14169). The Common Criteria SSCD validation provides compliance with the EU Electronic Signature Directives (European Union Directive 1999/93/EC on Electronic Signature).


Typical legislation requirements for Electronic Signatures

The requirements vary from country to country. Taking the European Directive (EC Directive 99/93 on Electronic Signatures) as an example, the requirements for a standard (advanced) Electronic Signature are:

a) it is uniquely linked to the signatory;
b) the signature-creation-data used for signature generation cannot, with reasonable assurance, be derived and the signature is protected against forgery using currently available technology;
c) it is created using means that the signatory can maintain under his sole control; and
d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.


Is CoSign a Secure Signature Creation Device (SSCD)?

The European Directive (EC Directive 99/93 on Electronic Signatures) defines SSCD as:

1. Secure signature-creation devices must, by appropriate technical and procedural means, ensure at the least that:

» The signature-creation-data used for signature generation can practically occur only once, and that their secrecy is reasonably assured;
» The signature-creation-data used for signature generation cannot, with reasonable assurance, be derived and the signature is protected against forgery using currently available technology;
» The signature-creation data used for signature generation can be reliably protected by the legitimate signatory against the use of others.

2. Secure signature-creation devices must not alter data to be signed or prevent such data from being presented to the signatory prior to the signature process.

CoSign has been self-qualified by ARX as an SSCD. In addition, CoSign is currently undergoing a Common Criteria evaluation (EAL 4+) under CWA 14169 (Protection Profile for SSCD) by an accredited assessment body.


Regulatory Compliance Statements

European Union (EU) - English
Germany - German or English
© 2008 ARX. All rights reserved.