Receive accreditation as a De-Mail service provider

Source: Zuständigkeitsfinder Schleswig-Holstein (Linie6PLus)

Service Description

If you would like to obtain accreditation as a De-Mail service provider, you can apply for this from the Federal Office for Information Security (BSI).

De-Mail provides a secure infrastructure for digital communication. De-Mail is similar to e-mail, but is more secure: the identity of the sender and recipient cannot be falsified and messages are transmitted exclusively via encrypted channels. Citizens, companies and public authorities can communicate securely via the service. This infrastructure is operated by accredited De-Mail service providers (DMDAs).

If you want to become a DMDA, you need accreditation. You can obtain this accreditation from the BSI on application. To do so, you must meet technical, organizational and data protection requirements. For example, you must provide proof of insurance with certain levels of cover and obtain certificates from the Federal Commissioner for Data Protection and Freedom of Information.

If you are accredited, you will receive a quality mark. You can use this quality mark to advertise the technical and administrative security of your services.

The accreditation is valid for three years, after which you must apply for re-accreditation.

Before you submit the application, you can meet with BSI employees. In an information meeting, they can explain the accreditation process to you as well as the associated organizational issues and costs.


Process flow

You must apply for accreditation as a De-Mail service provider in writing. The BSI recommends that you announce your application informally before you obtain the evidence.

Application phase:

  • The BSI offers you an information meeting before you submit your application. During the meeting, you can find out about the effort involved in the procedure and possible costs.
  • Then complete the application form in full and send it to the BSI with all the necessary documents.
  • The BSI will check your application for formal correctness and completeness. It will also check the evidence you have submitted for formal and factual accuracy, completeness and validity.
  • The result of the assessment of your application is summarized by the BSI in an accreditation report. If you need to improve the documents submitted, the BSI will inform you of this.

Assessment phase:

  • Based on the assessment of your application and the evidence, the BSI decides on your accreditation. It will inform you of its decision in writing.
  • If you are accredited, the BSI will issue you with an accreditation certificate, the quality mark and a report on your accreditation. You must renew your accreditation after three years at the latest.
  • Before a negative decision is sent, the BSI will inform you of the reasons for the rejection. You have two weeks to comment on this. If possible, the BSI will give you the opportunity to rectify the deficiencies.

Operational phase:

  • As soon as your accreditation is complete, the operational phase begins: you may now offer your De-Mail services.
  • From the time of accreditation and the start of operation of the De-Mail services, you are subject to supervision by the BSI. This obliges you to do the following:
    • You must report security vulnerabilities immediately.
    • You must grant BSI employees access to business premises and relevant documents.
    • You must inform the BSI immediately of any changes to your company that affect the accreditation requirements.
  • The BSI ensures continuous cooperation through meetings and workshops on an ad hoc basis. Under certain circumstances, the BSI may temporarily prohibit you from operating.

Requirements

As a De-Mail service provider, you must:

  • have the necessary reliability and expertise to operate De-Mail services,
  • have suitable insurance cover in order to be able to provide compensation for possible damages,
  • meet the technical and organizational requirements so that you can provide the services reliably and securely, and
  • comply with data protection requirements when designing and operating De-Mail services.

Which documents are required?

General information about the company:

  • Company presentation,
  • Extract from the commercial, cooperative, partnership or association register,
  • Copy of the business registration and
  • Insolvency certificate (self-declaration) stating that the company is not in insolvency or liquidation.

The general company documents must not be older than six months.

Further proof required:

  • Test certificates from certified De-Mail IT security service providers with the associated test reports (not older than six months),
  • a data protection certificate from the Federal Commissioner for Data Protection and Freedom of Information and
  • Proof of:
    • Reliability,
    • expertise and
    • insurance cover.

What are the fees?

The fees for your accreditation are based on the time required for the procedure. The following hourly rates apply:

  • EUR 84.00 per hour for employees in the higher civil service,
  • EUR 68.00 per hour for senior civil servants and
  • EUR 54.00 per hour for employees in the intermediate service.

What deadlines do I have to pay attention to?

  • Accreditation must be renewed after three years at the latest. You must submit the application at least three months before your accreditation expires.

Processing duration

maximum 3 months

Legal basis

Applications / forms

Forms: Application for accreditation as a De-Mail service provider

Online procedure possible: no

Written form required: yes

Personal appearance required: no

The text was automatically translated based on the German content.

Technically approved by

Federal Ministry of the Interior, Building and Community

Professionally released on

14.08.2019
