Our experienced team at Attestic provides specialized IT assurance services for eIDAS trust services, Public Key Infrastructures (PKI), and smart tachograph systems. Our expertise helps Qualified Trust Service Providers (QTSPs) and their subcontractors navigate compliance, security, and risk management with confidence.
Our Specializations:
Trustworthy Systems Audits
Ensure the core IT components within trust services meet the Trustworthy Systems requirements.
- We have performed multiple Trustworthy Systems audits on Certification Authority and Timestamping applications and their supporting platforms and IT infrastructure (product audits).
- These audits ensure that the products meet the requirements as states in the eIDAS regulation, ETSI EN 319 401, ETSI EN 319 411-1 and ETSI EN 319 411-2.
Smart Tachograph Certification
Compliance assessments for tachograph card issuers and related systems. These audits are usually performed based on national regulations, which are in turn based on the policies issued by European Root Certification Authority for the Smart Tachograph. Smart tachograph systems do not fall under the eIDAS Trust Services, but have a similarly strong PKI component and a statutory audit obligation from the EU.
SOC2
We also carry out SOC2 audits, where these are related to trust services. A SOC2 report can then provide additional assurance alongside your eIDAS certification.
Attestic follows a structured and transparent IT audit process to ensure compliance, security, and reliability for your trust services. Our audits are conducted in accordance with industry standards and professional practice requirements.
How It Works:
- Initial Consultation – We assess your needs and define the audit scope.
- Documentation Review – Our experts analyze policies, procedures, and security controls.
- On-Site Assessment – We conduct in-depth evaluations to verify compliance. The on-site assessment can be combined with remote sessions to achieve efficiency and reduce climate impact.
- Findings & Reporting – A detailed report outlines compliance status and improvement areas.
- Delivery – If requirements are met, we can provide you with the audit report containing a positive auditor opinion.
Our independent and impartial approach ensures that your organization meets regulatory requirements with confidence.
Contact us for a free introductory meeting or quote.
Patrick Paling is manager and your contact person for the Attestic IT-Assurance service.