Service Finder
Receive accreditation as a De-Mail service provider
Service Description
De-Mail provides a secure infrastructure for digital communication. De-Mail is similar to e-mail, but is more secure: the identity of the sender and recipient cannot be falsified and messages are transmitted exclusively via encrypted channels. Citizens, companies and public authorities can communicate securely via the service. This infrastructure is operated by accredited De-Mail service providers (DMDAs).
If you want to become a DMDA, you need accreditation. You can obtain this accreditation from the BSI on application. To do so, you must meet technical, organizational and data protection requirements. For example, you must provide proof of insurance with certain levels of cover and obtain certificates from the Federal Commissioner for Data Protection and Freedom of Information.
If you are accredited, you will receive a quality mark. You can use this quality mark to advertise the technical and administrative security of your services.
The accreditation is valid for three years, after which you must apply for re-accreditation.
Before you submit the application, you can meet with BSI employees. In an information meeting, they can explain the accreditation process to you as well as the associated organizational issues and costs.
Process flow
You must apply for accreditation as a De-Mail service provider in writing. The BSI recommends that you announce your application informally before you obtain the evidence.
Application phase:
- The BSI offers you an information meeting before you submit your application. During the interview, you can find out about the effort involved in the procedure and possible costs.
- Then complete the application form in full and send it to the BSI with all the necessary documents.
- The BSI will check your application for formal correctness and completeness. It will also check the evidence you have submitted for formal and factual accuracy, completeness and validity.
- The result of the assessment of your application is summarized by the BSI in an accreditation report. If you need to improve the documents submitted, the BSI will inform you of this.
Assessment phase:
- Based on the assessment of your application and the evidence, the BSI decides on your accreditation. It will inform you of its decision in writing.
- If you are accredited, the BSI will issue you with an accreditation certificate, the quality mark and a report on your accreditation. You must renew your accreditation after three years at the latest.
- Before a negative decision is sent, the BSI will inform you of the reasons for the rejection. You have two weeks to comment on this. If possible, the BSI will give you the opportunity to rectify the deficiencies.
Operational phase:
- As soon as your accreditation is complete, the operational phase begins: you may now offer your De-Mail services.
-
From the time of accreditation and the start of operation of the De-Mail services, you are subject to supervision by the BSI. This obliges you to do the following:
- You must report security vulnerabilities immediately.
- You must grant BSI employees access to business premises and relevant documents.
- You must inform the BSI immediately of any changes to your company that affect the accreditation requirements.
-
The BSI ensures continuous cooperation through meetings and workshops on an ad hoc basis. Under certain circumstances, the BSI may temporarily prohibit you from operating.
Requirements
As a De-Mail service provider, you must:
- have the necessary reliability and expertise to operate De-Mail services,
- have suitable insurance cover in order to be able to provide compensation for possible damages,
- meet the technical and organizational requirements so that you can provide the services reliably and securely, and
-
comply with data protection requirements when designing and operating De-Mail services.
Which documents are required?
General information about the company:
- Company presentation,
- Extract from the commercial, cooperative, partnership or association register,
- Copy of the business registration and
- Insolvency certificate (self-insurance) that the company is not in insolvency or liquidation.
The general proof of the company must not be older than six months.
Further proof required:
- Test certificates from certified IT security service providers De-Mail with the associated test reports (not older than six months),
- a data protection certificate from the Federal Commissioner for Data Protection and Information Security and
-
Proof of:
- Reliability,
- expertise and
-
insurance cover.
What are the fees?
The fees for your accreditation are based on the time required for the procedure. The following hourly rates apply:
- EUR 84.00 per hour for employees in the higher civil service,
- EUR 68.00 per hour for senior civil servants and
- EUR 54.00 per hour for employees in the intermediate service.
What deadlines do I have to pay attention to?
- Accreditation must be renewed after three years at the latest. You must submit the application at least three months before your accreditation expires.
Processing duration
maximum 3 months
Appeal
Forms: Application for accreditation as a De-Mail service provider
Online procedure possible: no
Written form required: yes
Personal appearance required: no
Further Information
Author
The text was automatically translated based on the German content.
- Accreditation as a De-Mail service provider Issue
Remark: Display of performance in the source portal
Technically approved by
Federal Ministry of the Interior, Building and Community
Professionally released on
14.08.2019
Source: Zuständigkeitsfinder Thüringen (Linie6PLus)
Competent Authority
Bundesamt für Sicherheit in der Informationstechnik (BSI), Referat SZ 25
Address
53175 Bonn, Stadt