Title
Policies on GovRA Accreditation for Digital Signatures
Law
ICTO Memorandum Circular No. 2014-001
Decision Date
Apr 25, 2014
The Philippine law establishes policies and procedures for accrediting government agencies as Government Registration Authorities (GovRAs) under the National Certification Scheme for Digital Signatures, with accreditation granted after evaluating compliance and valid for three years, subject to annual assessments.

Definition of Terms

  • Accreditation and Assessment Body: Philippine Accreditation Office (PAO) under DTI; accredits Certification Authorities (CAs) and ensures compliance
  • Certificate: Electronic document confirming identity for digital signature, either general or specific-use
  • Certificate Revocation List (CRL): Time-stamped list of revoked certificates signed by CA
  • Certification Authority (CA): Issues digital certificates and confirms subscriber’s public key; can be government or private
  • Digital Signature: Electronic signature created using asymmetric cryptosystem ensuring authenticity and integrity
  • Government Certification Authority (GovCA): Government body issuing digital certificates, designating GovRAs, and conducting assessments
  • Government Registration Authority (GovRA): Government agency performing administrative tasks such as end-user registration
  • Root Certification Authority (Root CA): Issues certificates to government and private CAs; part of ICT Office
  • Subscriber: Individual or entity applying for and using digital certificates
  • Personal Information Controller: Entity controlling collection, processing, or use of personal information, subject to exclusions

Government Registration Authority Accreditation

  • Accreditation granted after evaluation of applicant government agency's compliance
  • Certification valid for three years, subject to annual assessments

Conditions for Accreditation for GovRA

  • Validity: 3 years unless suspended or revoked
  • Basic technical agency requirements must be met (Annex A)
  • Application process includes letter and documentation submission within specified time frames
  • Document review by GovCA with opportunity for clarifications
  • Onsite assessment by appointed team with signed confidentiality agreements
  • Assessment includes review of operations manual and implementation of policies
  • Independent panel evaluates and recommends accreditation
  • Costs borne by the applicant agency
  • Accreditation certificate issued and published on GovCA website
  • Accreditation process to be completed within 90 days, with reapplication if delayed
  • Continuous compliance required; failure may result in revocation

Documentary Criteria for Applicant Evaluation

  • Disaster Recovery and Business Continuity Plan: Internal document detailing emergency response, system failure restoration, and evidence preservation
  • GovRA Operations Manual: Internal document describing daily operations, staff responsibilities, training plans, and implementation of security policies

Personnel Hiring Requirements

  • Background checks including police, NBI, and court clearances
  • Mandatory orientation on relevant laws and policies
  • Employment applications submitted to GovCA
  • Signed non-disclosure agreements
  • Training programs covering electronic commerce, digital signatures, data privacy, cybercrime laws, and GovRA procedures

Subscriber-Applicant Identification Processing

  • Individual applicants must appear in person and present valid IDs from specified list, photo, contact information, and consent for verification
  • Juridical applicants require organizational documents, authorized representatives, and additional verifications
  • Specific requirements for government and non-government agencies and for SSL certificate applications

Privacy Policy

  • Personal information processing must comply with R.A. 10173 and principles of transparency, legitimacy, proportionality
  • Requirements include data collection for specified purposes, lawful processing, data accuracy, relevance, adequate retention, and data security
  • GovRA responsible for enforcing these principles

Amendments to Guidelines

  • Guidelines subject to change reflecting technology and policy advances
  • Amendments made in consultation with accredited GovRAs
  • Compliance timeframe of 90 days for new criteria

Other Applicable Laws and Penalties

  • Digital certificate use and issuance governed by R.A. 8792 (Electronic Commerce Act), R.A. 8484 (Access Devices Regulation Act), R.A. 7394 (Consumer Act)
  • Violations subject to penalties under these laws and their implementing rules and regulations

Directive to the DOST - ICT Office Records Officer

  • Ordered to furnish three certified true copies of this Circular and annex to University of the Philippines Law Center

Effectivity

  • Circular takes effect immediately upon approval

Annex A: Agency Requirements

  • Agencies must be authorized to collect fees
  • Adequate telephone and fax access
  • Minimum office space and facilities per GovRA employee
  • Privacy provisions such as teller-type enclosures
  • Sufficient power, lighting, air-conditioning
  • Computer systems meeting minimum specifications
  • Internet connectivity and compatible software for GovRA module
  • Security equipment like secure tokens, filing cabinets, UMID-card readers

This summary captures the essential provisions, definitions, procedures, requirements, privacy considerations, and related legal references in the prescribed accreditation policy for GovRAs under the Philippine National Certification Scheme for Digital Signatures.

