e-trust: Ohne Vertrauen keine Kunden, und ohne Kunden kein Geschäft!

Transkript

1 International Confidence-building initiative ebusiness When trust is on your side e-trust: Ohne Vertrauen keine Kunden, und ohne Kunden kein Geschäft! Legal Compliance, Trust and Security for Consumers and e-application suppliers - Based on CWA e-trust Trends & Drivers im egovernment CC egov, 30. April 2004, Bern Robert P. Hilty, Chairman CEN WS e-trust (C) e-comtrust International Association A.S.B.L.

2 Ausgangslage Die Bürger sind verunsichert und nutzen die egovernment / ecommerce Möglichkeiten nur teilweise. Das Internet-Recht ist international nicht einheitlich geregelt. Das führt zu folgenden Situationen: Ohne rechtlichen Schutz haben eapplikations Anbieter (staatliche & private) keinen genügenden Investitions-Schutz und tragen demzufolge ein höheres Risiko als in der "old economy"! Dies hemmt die wirtschaftliche Entwicklung in wichtigen innovativen Märkten Proaktive internationale Regeln (auf der Basis von Selbst- und Co- Regulierung) sind demzufolge dringendst notwendig und erwünscht Der IT-Security Technologie fehlen verbindliche Richtlinien für den elektronischen Geschäftsverkehr.

3 Entwicklungsgeschichte: e-trust & e-comtrust SNV (CH) (INB TK 191) Online Dienstleistungen Marktauftritt & Markttransaktionen (Kick-Off: ) Publikation: SNR :2002 CEN Brüssel Workshop Arbeiten (WS e-trust) Start: Final Review: Closed: CEN Publication: Europa: CEN CWA /2/3:2003 Schweiz: SNR CWA /2/3: EU: CH:

4 Einbettung von e-trust Private Quality Seals National Standardization International Standardization CEN (CEN - TC/CWA) Standardization of Associations

5 Der neue Ansatz Vision & Realität: E-(COM)TRUST EUROPEAN COMMUNITY TRUST ELECTRONIC COMMERCE TRUST

6 Das Vertrauensmodell Law Legal compliance IT Security Technology Process Quality Assessment

7 Das 3-Stufenmodell e.g. ISO 9001/ IT & Communication Security Online Buisness Process / Quality Assessment e.g. ISO ISO BS Legal compliance based on EU legislation and directives as well as national legislation European law based on minimal Standards CEN CWA e-trust

8 Das 3-Säulenprinzip e-comtrust Initiative Nationale Standardisierung (SNV) Internationale Standardisierung (CEN)

9 Grundlagen der Normierung 1 Wie kommen Zertifikate oder Gütesiegel zustande? Ein Experte entwirft ein System Ein Team aus Experten und Anwendern entwerfen eine harmonisierte Norm/Standard Ein Gesetzgeber erlässt ein Gesetz oder eine Verordnung H.P. Homberger, SNV

10 Normendefinition SN EN 45020: Seite 13 weiter: Eine Norm ist ein Dokument, das mit Konsens erstellt und von einer anerkannten Institution angenommen wurde und das für die allgemeine und wiederkehrende Anwendung Regeln, Leitlinien oder Merkmale für die Tätigkeiten oder deren Ergebnisse festlegt, wobei ein optimaler Ordnungsgrad in einem gegebenen Zusammenhang angestrebt wird." Die Betonung liegt also auf: Konsens Anerkennung Wiederkehrende Anwendung

11 Grundlagen der Normierung 2 Ein Experte entwirft ein System Ein Team aus Experten und Anwendern entwerfen eine harmonisierte Norm/ Standard Ein Gesetzgeber erlässt ein Gesetz oder eine Verordnung Grosse Offenheit Limitierte Offenheit dominiert durch Partikulärinteressen harmonisiert und demokratisch legitimiert H.P. Homberger, SNV

12 Das CEN Workshop Agreement Inhalt Ziel: Zusammenfassende Zusammenfassende Inhalt: Unterstützende Darstellung der in Europa geltenden Richtlinien, nationalen Gesetze und Selbstregulierungen für eapplikationen Richtlinie für eapplikationen und deren Partner (SW Ersteller, Web Designer, Hoster, Logistik) Minimum Best Practices für Business Process Management Security Management System

13 Das CEN Workshop Agreement Status Das CEN Workshop Agreement (CWA) wurde im Juli 2003 fertiggestellt und wurde am durch CEN publiziert. Die SNV Norm ist zurückgezogen und wurde ersetzt durch das SNR CWA /2/3:2003 Drei Teile: Regulatory & Self-Regulatory Requirements Convenor: Dr. Rita Esen, Cyber Law Services, UK Business Processes Convenor: Dr. Thomas Fehlmann, Euro Project Office AG, CH Security Convenor: Prof. Eugenio Marogna, SIA, Milano

14

15

16

17 Anforderungen in den verschiedenen Phasen Datenschutz / Immaterialgüterrecht / Handelsrecht / Strafrecht / Schutz von Kindern Minimale rechtliche Grundlagen Minimale rechtliche Grundlagen Minimale rechtliche Grundlagen Minimale rechtliche Grundlagen Informationsphase Vertragsphase Abschlussphase Erfüllungsphase

18 Anforderungen (Recht, Prozesse, Sicherheit) Informationsphase Abschlussphase Vertragsphase Erfüllungsphase Anbieteridentifikation AGB Auslieferung Kundendienst - Minimale Informationen - Zusatzangaben - PLausibilität - Erreichbarkeit - Druckmöglichkeit - Übermittlung - Sprache - Vollständigkeit - Haftung - Identifikation - Währung Angebot - Grungangaben - Gültigkeit - Zahlungsmodalitäten - Besondere Informationsbedürfnisse - Lesbarkeit - Version - Eingabefehler - Einbindung AGB - Verfügbarkeit AGB - Druckmöglichkeit AGB - Format der AGB - Sprache - Besondere Abmachungen Vertragsinhalt - Form, Gültigkeit - Registration - Darstellung - Vertragsbeginn -Lieferdatum - Bekanntgabe des Lieferdatums - Information im Falle von Lieferverzögerungen - Betriebsstörung Zahlung - Vorauszahlung - Zahlungsinformation - Kreditkarte, LSV - Kreditkartenkauf und Widerruf - Teilzahlungen - Preiserhöhungen Widerruf - Kontakt - Beschwerdeverfahren -Nachfass - Information über Haftungseinschränkung en Widerruf -Termine -Kosten Garantie - Nachweispflicht - Rechte des Kunden - Mängelrüge... Vertragsannahme - Form der Annahme - Inhalt der Auftragsbestätigung Informationspflicht..

19 Struktur des CWA e-trust Bürger eapplikation Gesetzliche und selbstregulatorische Anforderungen Geschäftsprozesse Sicherheitsmassnahmen Org. Unit 1 - Hoster - Org. Unit 2 - SW - Org. Unit 3 - Shop - Org. Unit 4 - Logistik - Org. Unit 5 - Hotline- Org. Unit 6 - Zahlungen -

20 Stufen CWA Adoption Self Assessment Prozess Re-engineering Zertifikat Checklisten Anpassung der Geschäftsprozesse Audit

21 Unabhängige Zertifizierungsorganisation Ein Team aus Experten und Anwendern entwerfen eine harmonisierte Norm/ Standard. national europäisch international Akkreditierung Unabhängige Zertifizierungskommission

22 Die Zertifizierung CEN CWA CWA Zertifizierungsverfahren Genehmigt Verfahren und Checklisten Juli Sep Aug. Okt ff SNV Ab November 2003 Norm Norm E-Trust Siegel eapplikation Auditreport Auditiert Zertifizierer

23 Zertifizierungsprozess 3 Prüfung & Bericht & Vergabeantrag Zertifikatsvergabe Zertifizierungs-Kommission economiesuisse e-comtrust Schweiz SNV SwissICT 1 Prüfung Konformitätsprüfung e-comtrust International AG Prüfer-Team 2 4 Markennutzung Online-Angebot

24 Verifikationsdatenbank

25 eeurope Ziel ist die Integration Europas mit Hilfe des Internet Schwachpunkte Zugang zum Internet Rechtslage Vertrauen Fehlende PKI Infrastruktur Massnahmen 2002/21/EC 2002/20/EC ( Framework Directive ) ( Authorisation Directive ) 2002/19/EC ( Access Directive ) 2002/18/EC ( Universal Service Directive ) 2002/58/EC ( Data Protection Directive ) etc.

26 Umsetzung von eeurope Nationale Gesetzgebung Autonomer Aufbewahrungspflicht Gesetze Nachvollzug im Datenschutzgesetz elektronischer Dokumente und Verordnungen über den Distanzhandel Wirtschaftsförderung Trust building is an overarching issue in the information society and should be given equal emphasis alongside such technologies as digital signature, CEST Expertenbericht 3/02 i.a. des EVD

27 Resultate Verifizierte eapplikationen bringen die Grundlage für das Vertrauen von Anwendern (Bürgern) e-comtrust deckt die meisten bestehenden Gütesiegel: Identität (VeriSign, Thawne, u.v.m.) Prozesse (ISO 9000 falls für die Applikation von Bedeutung) Sicherheit (BS 7799) hat eine Europäische Abdeckung und Anerkennung Verifizierte Partner Hoster Web-Designer Software-Entwickler Logistiker

28 Resultate: Zugang zu globalen Märkten Das Internet ist global Anbieten einer eapplikation irgendwo in der Welt, kann weltweiten Zugang bedeuten. Dies öffnet neue Wege zu Entwicklungsländern und neuen Märkten. Konsumenten können einem Vertrag vertrauen Rechtliche Korrektheit Das e-trust Siegel verspricht, dass der Anbieter seinen Vertrag erfüllen kann

29 Nutzen von Zertifikaten Risiko-Minimierung, Sicherheit Arbeiten nach dem Stand der Technik, Stand des Wissens Kommunikationshilfe an den Kunden, Lieferanten, Geschäftspartner Vertrauensbildung Selbstregulierung anstelle von Gesetzen Wettbewerbsvorteile

30 Praxisbeispiel AWA ZH Schalter weltweit während 7 x 24 h offen Leichter Zugang (keine smart cards, Strichcodes o.ä.) Erleichterte elektronische Eingabe und Verwaltung von Gesuchen In 10 Clicks zu Bewilligung Nutzerfreundliche Navigation Deutsch und Englisch Elektronische Bewilligungen

31 Grundsätze WP Radikale Kundenorientierung (customer value) Potential b2b und b2c voll nutzen Datenschutz und optimale Sicherheit Eingliederung in Portal Kanton Zürich Prozessorientierte Organisation Einbezug der benachbarten Arbeitsämter Mit Risiken und Kinderkrankheiten ist zu rechnen

32 Nutzen für das AWA Verfahrenserleichterung für KMUs Schlagendes Argument bei Ansiedlungen Vereinfachung Massengeschäft Leichtere Abwicklung durch Sachbearbeitende Höhere Produktivität = Höherer Ertrag Papierloses Verfahren

33 Anwender Qualifizierte Firmenkunden Gemeinsame Erstellung von Bewilligungen im System Voraussetzung: - Vertrauen - Schulung - Vereinbarung Vorteile: - Bewilligungen in 3 = schnellste Plattform weltweit - Enge Kundenbindung

34 Der e-gov Auftritt ewp im Internet Rechtskonformität des öffentlichen Auftritts fördert Vertrauen Arbeitsbewilligung: Funktion für Einzelgesuchsteller und Unternehmer, beide aktiv geprüft e-comtrust Prüfer und Anwendbarkeit von CWA Kriterien im e-government Umsetzung des Content durch Webmaster

35 Checklisten CWA e-truste Part 2 und 3 Process Criteria Preliminary Findings Contribution: 1) What is the process? Objective Evidence: 1.1) <Enter process step 1.1> 1.2) <Enter process step 1.2> 1.3) <Enter process step 1.3> 1.4) <Enter process step 1.4> 1.5) <Enter process step 1.5> Add criteria in the language understood by the audited organizations Leave empty for recording preliminary findings Explain how they do it 2) Which information flows exist? Objective Evidence: 2.1) <Enter information flow 2.1> Set Relative Weight: Org. Unit 1 Org. Unit 2 Org. Unit 3 Org. Unit 4 Org. Unit 5 Org. Unit 6 e-shop Supplier s Process Landscape(s) Interviews SLA and Contract 2.2) <Enter information flow 2.2> 2.3) <Enter information flow 2.3> 2.4) <Enter information flow 2.4> Explain what they know 3) What records are created? Objective Evidence: 3.1) <Enter record 3.1> Consumer s View 3.2) <Enter record 3.2> 3.3) <Enter record 3.3> 3.4) <Enter record 3.4> Assess process records 4) Which tools are in use? Objective Evidence: 4.1) <Enter tool 4.1> 4.2) 4.3) <Enter tool 4.2> <Enter tool 4.3> Assess tools Total Units Weighted Total:

36 Evaluation Grade Process Information Flow Records Tools 1) There is no discernible process. Processes are completely ad-hoc Information is forwarded by chance only Records do not resemble each other and mostly are not available No consistent use of tools 2) There are people (champions) working in the organisation who follow a systematic approach. Those champions will usually inform people and organizations who should know according the CWA Records are available and can sometimes be shown Champions use tools if they have access to them. 3) Repeatable processes exist and are consistently followed There exist distribution lists and evidence for their proper use according the process Records are kept in a consistent manner Tools are identified and available 4) Repeatable processes exist, are consistently followed and conform to the CWA requirements 5) Processes follow best practices, are measured, managed, and improved in a systematic manner There exist distribution lists and evidence for their proper use acc. the requirements of the CWA including partners and consumers. There exist self correc-tive feedback loops ensuring information is not only forwarded but understood Records are kept in a consistent manner and kept according the law. Privacy is assured and consumer data are protected. Records are readily available for improving the processes Tools are appropriate to handle consumer feedback, requests, and complaints acc. the CWA Tools are regularly reviewed for new opportunities for improvement

37 Audit Resultat Criteria Finding Trust Contr. e-shop Key Process Areas Part 2-3 Consumer needs P2-3.1 Understanding Consumer's Needs Part 2 KPA-2.2 e-shop Design P2-3.2 Logistics concept trust in delivery 3.9 None 5.0 Part 2 KPA-2.7 Logistics Operations P2-3.3 Social and cultural requirements Part 2 KPA-2.2 e-shop Design Part 2-4 Consumer interfaces P2-4.1 Requirements analysis Part 2 KPA-2.2 e-shop Design P2-4.2 Verification process 3.4 None 3.2 Part 2 KPA-2.4 Software Development P2-4.3 Content management Part 2 KPA-2.1 Organization P2-4.4 a) Usability - General Part 2 KPA-2.3 e-shop Operations P2-4.4 b) Usability - Contracts Part 1 KPA-1.1 European Regulatory Compliance P2-4.5 Infrastructure requirements and application services Part 2 KPA-2.6 Hoster Operations P2-4.6 Trust indicators Part 2 KPA-2.3 e-shop Operations Part 2-5 Process management P2-5.1 Business policy and ethics Part 2 KPA-2.1 Organization Business process modelling P2-5.2 a) Business process modelling - Business planning Part 2 KPA-2.2 e-shop Design P2-5.2 b) Business process modelling - Customer behaviour Part 2 KPA-2.3 e-shop Operations P2-5.2 c) Business process modelling - Functional modelling Part 2 KPA-2.4 Software Development P2-5.2 d) Business process modelling - Smart company Part 2 KPA-2.5 Software Maintenance P2-5.2 e) Business process modelling - Business process design Part 2 KPA-2.2 e-shop Design Business process implement. P2-5.3 a) Business process implementation - Payment Part 2 KPA-3.2 Application Reliability P2-5.3 b) Business process implementation - Delivery Part 2 KPA-2.7 Logistics Operations P2-5.3 c) Business process implementation - Consumer care Part 2 KPA-2.3 e-shop Operations P2-5.3 d) Business process implementation - Monitoring Part 2 KPA-2.7 Logistics Operations New product development P2-5.4 a) New product development - Project concept Part 2 KPA-2.2 e-shop Design P2-5.4 b) New product development - Planning and scheduling Part 2 KPA-2.4 Software Development P2-5.4 c) New product development - Business feasibility Part 2 KPA-2.7 Logistics Operations P2-5.4 d) New product development - Product Launch Part 2 KPA-2.1 Organization Resource management P2-5.5 a) Resource management - Financial resources Part 2 KPA-2.3 e-shop Operations P2-5.5 b) Resource management - Human resources Part 2 KPA-2.1 Organization P2-5.5 c) Resource management - Information management Part 2 KPA-2.1 Organization Supply chain management P2-5.6 a) Supply chain management - Identification of consumer Part 1 KPA-1.2 Compliance with National Laws P2-5.6 b) Supply chain management - Identification of supplier Part 1 KPA-1.2 Compliance with National Laws P2-5.6 c) Supply chain management - Consistency checks Part 3 KPA-3.2 Application Reliability P2-5.6 d) Supply chain management - Transactions Part 2 KPA-2.7 Logistics Operations Business partner managemen P2-5.7 a) Business partner management - Interfaces Part 2 KPA-2.3 e-shop Operations P2-5.7 b) Business partner management - Managing SLA's Part 2 KPA-2.3 e-shop Operations Part 2-6 Technology management P2-6.1 Infrastructure Part 2 KPA-2.6 Hoster Operations P2-6.2 Feedback from operation Part 2 KPA-2.3 e-shop Operations Part 2-7 Supplier interfaces P2-7.1 Feedback to customers Part 2 KPA-2.3 e-shop Operations P2-7.2 Handling of complaints Part 1 KPA-1.2 Compliance with National Laws P2-7.3 Issue resolution Part 2 KPA-2.3 e-shop Operations Part 2-8 Supplier view P2-8.1 Internal communication Part 2 KPA-2.1 Organization P2-8.2 Sustainability Part 2 KPA-2.3 e-shop Operations P2-8.3 Regulatory and self-regulatory compliance Part 1 KPA-1.2 Compliance with National Laws Part 3-6 Requirements on supplier P3-6.1 Security policy Part 2 KPA-2.1 Organization Security management P3-6.2 a) Security management system Part 2 KPA-2.1 Organization P3-6.2 b) Security management framework and role model Part 2 KPA-2.1 Organization P3-6.2 c) Personnel Part 2 KPA-2.3 e-shop Operations P3-6.2 d) Roles and responsibilities Part 3 KPA-3.2 Application Reliability P3-6.3 Risk analysis and reliability assessment 2.0 None 4.6 Part 3 KPA-3.2 Application Reliability P3-6.4 Inventory and classification of company assets 1.4 None 5.0 Part 2 KPA-2.7 Logistics Operations ICT security functions P3-6.5 a) ICT security functions - General considerations 3.4 None 4.1 Part 3 KPA-3.3 Operational Security P3-6.5 b) User identification and authorization 3.7 None 4.1 Part 3 KPA-3.3 Operational Security P3-6.5 c) Security of data, servers, networks, media and content Part 3 KPA-3.3 Operational Security P3-6.5 d) Backup and disaster recovery Part 3 KPA-3.3 Operational Security P3-6.5 e) Non repudiation Part 1 KPA-1.2 Compliance with National Laws Change management P3-6.6 a) Modifications to the e-business infrastructure Part 2 KPA-2.2 e-shop Design P3-6.6 b) Operations monitoring Part 3 KPA-3.2 Application Reliability P3-6.6 c) Test environment and extensions 2.0 None 4.6 Part 3 KPA-3.2 Application Reliability P3-6.7 Guidelines for consumers Part 1 KPA-1.2 Compliance with National Laws Part 3-7 Requirements on partners P3-7 Contractual regulation and data transfer Part 2 KPA-2.7 Logistics Operations Total Trust Score Criteria Finding Trust Contr. e-shop Key Process Areas Part 2-3 Consumer needs P2-3.1 Understanding Consumer's Needs Part 2 KPA-2.2 e-shop Design P2-3.2 Logistics concept trust in delivery 3.9 None 5.0 Part 2 KPA-2.7 Logistics Operations P2-3.3 Social and cultural requirements Part 2 KPA-2.2 e-shop Design Part 2-4 Consumer interfaces P2-4.1 Requirements analysis Part 2 KPA-2.2 e-shop Design P2-4.2 Verification process 3.4 None 3.2 Part 2 KPA-2.4 Software Development P2-4.3 Content management Part 2 KPA-2.1 Organization P2-4.4 a) Usability - General Part 2 KPA-2.3 e-shop Operations P2-4.4 b) Usability - Contracts Part 1 KPA-1.1 European Regulatory Compliance P2-4.5 Infrastructure requirements and application services Part 2 KPA-2.6 Hoster Operations P2-4.6 Trust indicators Part 2 KPA-2.3 e-shop Operations Part 2-5 Process management P2-5.1 Business policy and ethics Part 2 KPA-2.1 Organization Business process modelling P2-5.2 a) Business process modelling - Business planning Part 2 KPA-2.2 e-shop Design P2-5.2 b) Business process modelling - Customer behaviour Part 2 KPA-2.3 e-shop Operations P2-5.2 c) Business process modelling - Functional modelling Part 2 KPA-2.4 Software Development P2-5.2 d) Business process modelling - Smart company Part 2 KPA-2.5 Software Maintenance P2-5.2 e) Business process modelling - Business process design Part 2 KPA-2.2 e-shop Design Business process implement. P2-5.3 a) Business process implementation - Payment Part 2 KPA-3.2 Application Reliability P2-5.3 b) Business process implementation - Delivery Part 2 KPA-2.7 Logistics Operations P2-5.3 c) Business process implementation - Consumer care Part 2 KPA-2.3 e-shop Operations P2-5.3 d) Business process implementation - Monitoring Part 2 KPA-2.7 Logistics Operations New product development P2-5.4 a) New product development - Project concept Part 2 KPA-2.2 e-shop Design P2-5.4 b) New product development - Planning and scheduling Part 2 KPA-2.4 Software Development P2-5.4 c) New product development - Business feasibility Part 2 KPA-2.7 Logistics Operations P2-5.4 d) New product development - Product Launch Part 2 KPA-2.1 Organization Resource management P2-5.5 a) Resource management - Financial resources Part 2 KPA-2.3 e-shop Operations P2-5.5 b) Resource management - Human resources Part 2 KPA-2.1 Organization P2-5.5 c) Resource management - Information management Part 2 KPA-2.1 Organization Supply chain management P2-5.6 a) Supply chain management - Identification of consumer Part 1 KPA-1.2 Compliance with National Laws P2-5.6 b) Supply chain management - Identification of supplier Part 1 KPA-1.2 Compliance with National Laws P2-5.6 c) Supply chain management - Consistency checks Part 3 KPA-3.2 Application Reliability P2-5.6 d) Supply chain management - Transactions Part 2 KPA-2.7 Logistics Operations Business partner managemen P2-5.7 a) Business partner management - Interfaces Part 2 KPA-2.3 e-shop Operations P2-5.7 b) Business partner management - Managing SLA's Part 2 KPA-2.3 e-shop Operations Part 2-6 Technology management P2-6.1 Infrastructure Part 2 KPA-2.6 Hoster Operations P2-6.2 Feedback from operation Part 2 KPA-2.3 e-shop Operations Part 2-7 Supplier interfaces P2-7.1 Feedback to customers Part 2 KPA-2.3 e-shop Operations P2-7.2 Handling of complaints Part 1 KPA-1.2 Compliance with National Laws P2-7.3 Issue resolution Part 2 KPA-2.3 e-shop Operations Part 2-8 Supplier view P2-8.1 Internal communication Part 2 KPA-2.1 Organization P2-8.2 Sustainability Part 2 KPA-2.3 e-shop Operations P2-8.3 Regulatory and self-regulatory compliance Part 1 KPA-1.2 Compliance with National Laws Part 3-6 Requirements on supplier P3-6.1 Security policy Part 2 KPA-2.1 Organization Security management P3-6.2 a) Security management system Part 2 KPA-2.1 Organization P3-6.2 b) Security management framework and role model Part 2 KPA-2.1 Organization P3-6.2 c) Personnel Part 2 KPA-2.3 e-shop Operations P3-6.2 d) Roles and responsibilities Part 3 KPA-3.2 Application Reliability P3-6.3 Risk analysis and reliability assessment 2.0 None 4.6 Part 3 KPA-3.2 Application Reliability P3-6.4 Inventory and classification of company assets 1.4 None 5.0 Part 2 KPA-2.7 Logistics Operations ICT security functions P3-6.5 a) ICT security functions - General considerations 3.4 None 4.1 Part 3 KPA-3.3 Operational Security P3-6.5 b) User identification and authorization 3.7 None 4.1 Part 3 KPA-3.3 Operational Security P3-6.5 c) Security of data, servers, networks, media and content Part 3 KPA-3.3 Operational Security P3-6.5 d) Backup and disaster recovery Part 3 KPA-3.3 Operational Security P3-6.5 e) Non repudiation Part 1 KPA-1.2 Compliance with National Laws Change management P3-6.6 a) Modifications to the e-business infrastructure Part 2 KPA-2.2 e-shop Design P3-6.6 b) Operations monitoring Part 3 KPA-3.2 Application Reliability P3-6.6 c) Test environment and extensions 2.0 None 4.6 Part 3 KPA-3.2 Application Reliability P3-6.7 Guidelines for consumers Part 1 KPA-1.2 Compliance with National Laws Part 3-7 Requirements on partners P3-7 Contractual regulation and data transfer Part 2 KPA-2.7 Logistics Operations Total Trust Score Criteria Finding Trust Contr. e-shop Key Process Areas Part 2-3 Consumer needs P2-3.1 Understanding Consumer's Needs Part 2 KPA-2.2 e-shop Design P2-3.2 Logistics concept trust in delivery 3.9 None 5.0 Part 2 KPA-2.7 Logistics Operations P2-3.3 Social and cultural requirements Part 2 KPA-2.2 e-shop Design Part 2-4 Consumer interfaces P2-4.1 Requirements analysis Part 2 KPA-2.2 e-shop Design P2-4.2 Verification process 3.4 None 3.2 Part 2 KPA-2.4 Software Development P2-4.3 Content management Part 2 KPA-2.1 Organization P2-4.4 a) Usability - General Part 2 KPA-2.3 e-shop Operations P2-4.4 b) Usability - Contracts Part 1 KPA-1.1 European Regulatory Compliance P2-4.5 Infrastructure requirements and application services Part 2 KPA-2.6 Hoster Operations P2-4.6 Trust indicators Part 2 KPA-2.3 e-shop Operations Part 2-5 Process management P2-5.1 Business policy and ethics Part 2 KPA-2.1 Organization Business process modelling P2-5.2 a) Business process modelling - Business planning Part 2 KPA-2.2 e-shop Design P2-5.2 b) Business process modelling - Customer behaviour Part 2 KPA-2.3 e-shop Operations P2-5.2 c) Business process modelling - Functional modelling Part 2 KPA-2.4 Software Development P2-5.2 d) Business process modelling - Smart company Part 2 KPA-2.5 Software Maintenance P2-5.2 e) Business process modelling - Business process design Part 2 KPA-2.2 e-shop Design Business process implement. P2-5.3 a) Business process implementation - Payment Part 2 KPA-3.2 Application Reliability P2-5.3 b) Business process implementation - Delivery Part 2 KPA-2.7 Logistics Operations P2-5.3 c) Business process implementation - Consumer care Part 2 KPA-2.3 e-shop Operations P2-5.3 d) Business process implementation - Monitoring Part 2 KPA-2.7 Logistics Operations New product development P2-5.4 a) New product development - Project concept Part 2 KPA-2.2 e-shop Design P2-5.4 b) New product development - Planning and scheduling Part 2 KPA-2.4 Software Development P2-5.4 c) New product development - Business feasibility Part 2 KPA-2.7 Logistics Operations P2-5.4 d) New product development - Product Launch Part 2 KPA-2.1 Organization Resource management P2-5.5 a) Resource management - Financial resources Part 2 KPA-2.3 e-shop Operations P2-5.5 b) Resource management - Human resources Part 2 KPA-2.1 Organization P2-5.5 c) Resource management - Information management Part 2 KPA-2.1 Organization Supply chain management P2-5.6 a) Supply chain management - Identification of consumer Part 1 KPA-1.2 Compliance with National Laws P2-5.6 b) Supply chain management - Identification of supplier Part 1 KPA-1.2 Compliance with National Laws P2-5.6 c) Supply chain management - Consistency checks Part 3 KPA-3.2 Application Reliability P2-5.6 d) Supply chain management - Transactions Part 2 KPA-2.7 Logistics Operations Business partner managemen P2-5.7 a) Business partner management - Interfaces Part 2 KPA-2.3 e-shop Operations P2-5.7 b) Business partner management - Managing SLA's Part 2 KPA-2.3 e-shop Operations Part 2-6 Technology management P2-6.1 Infrastructure Part 2 KPA-2.6 Hoster Operations P2-6.2 Feedback from operation Part 2 KPA-2.3 e-shop Operations Part 2-7 Supplier interfaces P2-7.1 Feedback to customers Part 2 KPA-2.3 e-shop Operations P2-7.2 Handling of complaints Part 1 KPA-1.2 Compliance with National Laws P2-7.3 Issue resolution Part 2 KPA-2.3 e-shop Operations Part 2-8 Supplier view P2-8.1 Internal communication Part 2 KPA-2.1 Organization P2-8.2 Sustainability Part 2 KPA-2.3 e-shop Operations P2-8.3 Regulatory and self-regulatory compliance Part 1 KPA-1.2 Compliance with National Laws Part 3-6 Requirements on supplier P3-6.1 Security policy Part 2 KPA-2.1 Organization Security management P3-6.2 a) Security management system Part 2 KPA-2.1 Organization P3-6.2 b) Security management framework and role model Part 2 KPA-2.1 Organization P3-6.2 c) Personnel Part 2 KPA-2.3 e-shop Operations P3-6.2 d) Roles and responsibilities Part 3 KPA-3.2 Application Reliability P3-6.3 Risk analysis and reliability assessment 2.0 None 4.6 Part 3 KPA-3.2 Application Reliability P3-6.4 Inventory and classification of company assets 1.4 None 5.0 Part 2 KPA-2.7 Logistics Operations ICT security functions P3-6.5 a) ICT security functions - General considerations 3.4 None 4.1 Part 3 KPA-3.3 Operational Security P3-6.5 b) User identification and authorization 3.7 None 4.1 Part 3 KPA-3.3 Operational Security P3-6.5 c) Security of data, servers, networks, media and content Part 3 KPA-3.3 Operational Security P3-6.5 d) Backup and disaster recovery Part 3 KPA-3.3 Operational Security P3-6.5 e) Non repudiation Part 1 KPA-1.2 Compliance with National Laws Change management P3-6.6 a) Modifications to the e-business infrastructure Part 2 KPA-2.2 e-shop Design P3-6.6 b) Operations monitoring Part 3 KPA-3.2 Application Reliability P3-6.6 c) Test environment and extensions 2.0 None 4.6 Part 3 KPA-3.2 Application Reliability P3-6.7 Guidelines for consumers Part 1 KPA-1.2 Compliance with National Laws Part 3-7 Requirements on partners P3-7 Contractual regulation and data transfer Part 2 KPA-2.7 Logistics Operations Fail Total Trust Score Fail 5.7 Fail Criteria Finding Trust Contr. e-shop Key Process Areas Part 2-3 Consumer needs P2-3.1 Understanding Consumer's Needs Part 2 KPA-2.2 e-shop Design P2-3.2 Logistics concept trust in delivery 3.9 None 5.0 Part 2 KPA-2.7 Logistics Operations P2-3.3 Social and cultural requirements Part 2 KPA-2.2 e-shop Design Part 2-4 Consumer interfaces P2-4.1 Requirements analysis Part 2 KPA-2.2 e-shop Design P2-4.2 Verification process 3.4 None 3.2 Part 2 KPA-2.4 Software Development P2-4.3 Content management Part 2 KPA-2.1 Organization P2-4.4 a) Usability - General Part 2 KPA-2.3 e-shop Operations P2-4.4 b) Usability - Contracts Part 1 KPA-1.1 European Regulatory Compliance P2-4.5 Infrastructure requirements and application services Part 2 KPA-2.6 Hoster Operations P2-4.6 Trust indicators Part 2 KPA-2.3 e-shop Operations Part 2-5 Process management P2-5.1 Business policy and ethics Part 2 KPA-2.1 Organization Business process modelling P2-5.2 a) Business process modelling - Business planning Part 2 KPA-2.2 e-shop Design P2-5.2 b) Business process modelling - Customer behaviour Part 2 KPA-2.3 e-shop Operations P2-5.2 c) Business process modelling - Functional modelling Part 2 KPA-2.4 Software Development P2-5.2 d) Business process modelling - Smart company Part 2 KPA-2.5 Software Maintenance P2-5.2 e) Business process modelling - Business process design Part 2 KPA-2.2 e-shop Design Business process implement. P2-5.3 a) Business process implementation - Payment Part 2 KPA-3.2 Application Reliability P2-5.3 b) Business process implementation - Delivery Part 2 KPA-2.7 Logistics Operations P2-5.3 c) Business process implementation - Consumer care Part 2 KPA-2.3 e-shop Operations P2-5.3 d) Business process implementation - Monitoring Part 2 KPA-2.7 Logistics Operations New product development P2-5.4 a) New product development - Project concept Part 2 KPA-2.2 e-shop Design P2-5.4 b) New product development - Planning and scheduling Part 2 KPA-2.4 Software Development P2-5.4 c) New product development - Business feasibility Part 2 KPA-2.7 Logistics Operations P2-5.4 d) New product development - Product Launch Part 2 KPA-2.1 Organization Resource management P2-5.5 a) Resource management - Financial resources Part 2 KPA-2.3 e-shop Operations P2-5.5 b) Resource management - Human resources Part 2 KPA-2.1 Organization P2-5.5 c) Resource management - Information management Part 2 KPA-2.1 Organization Supply chain management P2-5.6 a) Supply chain management - Identification of consumer Part 1 KPA-1.2 Compliance with National Laws P2-5.6 b) Supply chain management - Identification of supplier Part 1 KPA-1.2 Compliance with National Laws P2-5.6 c) Supply chain management - Consistency checks Part 3 KPA-3.2 Application Reliability P2-5.6 d) Supply chain management - Transactions Part 2 KPA-2.7 Logistics Operations Business partner managemen P2-5.7 a) Business partner management - Interfaces Part 2 KPA-2.3 e-shop Operations P2-5.7 b) Business partner management - Managing SLA's Part 2 KPA-2.3 e-shop Operations Part 2-6 Technology management P2-6.1 Infrastructure Part 2 KPA-2.6 Hoster Operations P2-6.2 Feedback from operation Part 2 KPA-2.3 e-shop Operations Part 2-7 Supplier interfaces P2-7.1 Feedback to customers Part 2 KPA-2.3 e-shop Operations P2-7.2 Handling of complaints Part 1 KPA-1.2 Compliance with National Laws P2-7.3 Issue resolution Part 2 KPA-2.3 e-shop Operations Part 2-8 Supplier view P2-8.1 Internal communication Part 2 KPA-2.1 Organization P2-8.2 Sustainability Part 2 KPA-2.3 e-shop Operations P2-8.3 Regulatory and self-regulatory compliance Part 1 KPA-1.2 Compliance with National Laws Part 3-6 Requirements on supplier P3-6.1 Security policy Part 2 KPA-2.1 Organization Security management P3-6.2 a) Security management system Part 2 KPA-2.1 Organization P3-6.2 b) Security management framework and role model Part 2 KPA-2.1 Organization P3-6.2 c) Personnel Part 2 KPA-2.3 e-shop Operations P3-6.2 d) Roles and responsibilities Part 3 KPA-3.2 Application Reliability P3-6.3 Risk analysis and reliability assessment 2.0 None 4.6 Part 3 KPA-3.2 Application Reliability P3-6.4 Inventory and classification of company assets 1.4 None 5.0 Part 2 KPA-2.7 Logistics Operations ICT security functions P3-6.5 a) ICT security functions - General considerations 3.4 None 4.1 Part 3 KPA-3.3 Operational Security P3-6.5 b) User identification and authorization 3.7 None 4.1 Part 3 KPA-3.3 Operational Security P3-6.5 c) Security of data, servers, networks, media and content Part 3 KPA-3.3 Operational Security P3-6.5 d) Backup and disaster recovery Part 3 KPA-3.3 Operational Security P3-6.5 e) Non repudiation Part 1 KPA-1.2 Compliance with National Laws Change management P3-6.6 a) Modifications to the e-business infrastructure Part 2 KPA-2.2 e-shop Design P3-6.6 b) Operations monitoring Part 3 KPA-3.2 Application Reliability P3-6.6 c) Test environment and extensions 2.0 None 4.6 Part 3 KPA-3.2 Application Reliability P3-6.7 Guidelines for consumers Part 1 KPA-1.2 Compliance with National Laws Part 3-7 Requirements on partners P3-7 Contractual regulation and data transfer Part 2 KPA-2.7 Logistics Operations Fail Total Trust Score Fail 5.7 Fail Criteria Finding Trust Contr. e-shop Key Process Areas Part 2-3 Consumer needs P2-3.1 Understanding Consumer's Needs Part 2 KPA-2.2 e-shop Design P2-3.2 Logistics concept trust in delivery Part 2 KPA-2.7 Logistics Operations P2-3.3 Social and cultural requirements Part 2 KPA-2.2 e-shop Design Part 2-4 Consumer interfaces P2-4.1 Requirements analysis Part 2 KPA-2.2 e-shop Design P2-4.2 Verification process Part 2 KPA-2.4 Software Development P2-4.3 Content management Part 2 KPA-2.1 Organization P2-4.4 a) Usability - General Part 2 KPA-2.3 e-shop Operations P2-4.4 b) Usability - Contracts Part 1 KPA-1.1 European Regulatory Compliance P2-4.5 Infrastructure requirements and application services Part 2 KPA-2.6 Hoster Operations P2-4.6 Trust indicators Part 2 KPA-2.3 e-shop Operations Part 2-5 Process management P2-5.1 Business policy and ethics Part 2 KPA-2.1 Organization Business process modelling P2-5.2 a) Business process modelling - Business planning Part 2 KPA-2.2 e-shop Design P2-5.2 b) Business process modelling - Customer behaviour Part 2 KPA-2.3 e-shop Operations P2-5.2 c) Business process modelling - Functional modelling Part 2 KPA-2.4 Software Development P2-5.2 d) Business process modelling - Smart company Part 2 KPA-2.5 Software Maintenance P2-5.2 e) Business process modelling - Business process design Part 2 KPA-2.2 e-shop Design Business process implement. P2-5.3 a) Business process implementation - Payment Part 2 KPA-3.2 Application Reliability P2-5.3 b) Business process implementation - Delivery Part 2 KPA-2.7 Logistics Operations P2-5.3 c) Business process implementation - Consumer care Part 2 KPA-2.3 e-shop Operations P2-5.3 d) Business process implementation - Monitoring Part 2 KPA-2.7 Logistics Operations New product development P2-5.4 a) New product development - Project concept Part 2 KPA-2.2 e-shop Design P2-5.4 b) New product development - Planning and scheduling Part 2 KPA-2.4 Software Development P2-5.4 c) New product development - Business feasibility Part 2 KPA-2.7 Logistics Operations P2-5.4 d) New product development - Product Launch Part 2 KPA-2.1 Organization Resource management P2-5.5 a) Resource management - Financial resources Part 2 KPA-2.3 e-shop Operations P2-5.5 b) Resource management - Human resources Part 2 KPA-2.1 Organization P2-5.5 c) Resource management - Information management Part 2 KPA-2.1 Organization Supply chain management P2-5.6 a) Supply chain management - Identification of consumer Part 1 KPA-1.2 Compliance with National Laws P2-5.6 b) Supply chain management - Identification of supplier Part 1 KPA-1.2 Compliance with National Laws P2-5.6 c) Supply chain management - Consistency checks Part 3 KPA-3.2 Application Reliability P2-5.6 d) Supply chain management - Transactions Part 2 KPA-2.7 Logistics Operations Business partner managemen P2-5.7 a) Business partner management - Interfaces Part 2 KPA-2.3 e-shop Operations P2-5.7 b) Business partner management - Managing SLA's Part 2 KPA-2.3 e-shop Operations Part 2-6 Technology management P2-6.1 Infrastructure Part 2 KPA-2.6 Hoster Operations P2-6.2 Feedback from operation Part 2 KPA-2.3 e-shop Operations Part 2-7 Supplier interfaces P2-7.1 Feedback to customers Part 2 KPA-2.3 e-shop Operations P2-7.2 Handling of complaints Part 1 KPA-1.2 Compliance with National Laws P2-7.3 Issue resolution Part 2 KPA-2.3 e-shop Operations Part 2-8 Supplier view P2-8.1 Internal communication Part 2 KPA-2.1 Organization P2-8.2 Sustainability Part 2 KPA-2.3 e-shop Operations P2-8.3 Regulatory and self-regulatory compliance Part 1 KPA-1.2 Compliance with National Laws Part 3-6 Requirements on supplier P3-6.1 Security policy Part 2 KPA-2.1 Organization Security management P3-6.2 a) Security management system Part 2 KPA-2.1 Organization P3-6.2 b) Security management framework and role model Part 2 KPA-2.1 Organization P3-6.2 c) Personnel Part 2 KPA-2.3 e-shop Operations P3-6.2 d) Roles and responsibilities Part 3 KPA-3.2 Application Reliability P3-6.3 Risk analysis and reliability assessment Part 3 KPA-3.2 Application Reliability P3-6.4 Inventory and classification of company assets Part 2 KPA-2.7 Logistics Operations ICT security functions P3-6.5 a) ICT security functions - General considerations Part 3 KPA-3.3 Operational Security P3-6.5 b) User identification and authorization Part 3 KPA-3.3 Operational Security P3-6.5 c) Security of data, servers, networks, media and content Part 3 KPA-3.3 Operational Security P3-6.5 d) Backup and disaster recovery Part 3 KPA-3.3 Operational Security P3-6.5 e) Non repudiation Part 1 KPA-1.2 Compliance with National Laws Change management P3-6.6 a) Modifications to the e-business infrastructure Part 2 KPA-2.2 e-shop Design P3-6.6 b) Operations monitoring Part 3 KPA-3.2 Application Reliability P3-6.6 c) Test environment and extensions Part 3 KPA-3.2 Application Reliability P3-6.7 Guidelines for consumers Part 1 KPA-1.2 Compliance with National Laws Part 3-7 Requirements on partners P3-7 Contractual regulation and data transfer Part 2 KPA-2.7 Logistics Operations 4.6 Pass Total Trust Score Pass Pass Criteria Finding Trust Contr. e-shop Key Process Areas Part 2-3 Consumer needs P2-3.1 Understanding Consumer's Needs Part 2 KPA-2.2 e-shop Design P2-3.2 Logistics concept trust in delivery Part 2 KPA-2.7 Logistics Operations P2-3.3 Social and cultural requirements Part 2 KPA-2.2 e-shop Design Part 2-4 Consumer interfaces P2-4.1 Requirements analysis Part 2 KPA-2.2 e-shop Design P2-4.2 Verification process Part 2 KPA-2.4 Software Development P2-4.3 Content management Part 2 KPA-2.1 Organization P2-4.4 a) Usability - General Part 2 KPA-2.3 e-shop Operations P2-4.4 b) Usability - Contracts Part 1 KPA-1.1 European Regulatory Compliance P2-4.5 Infrastructure requirements and application services Part 2 KPA-2.6 Hoster Operations P2-4.6 Trust indicators Part 2 KPA-2.3 e-shop Operations Part 2-5 Process management P2-5.1 Business policy and ethics Part 2 KPA-2.1 Organization Business process modelling P2-5.2 a) Business process modelling - Business planning Part 2 KPA-2.2 e-shop Design P2-5.2 b) Business process modelling - Customer behaviour Part 2 KPA-2.3 e-shop Operations P2-5.2 c) Business process modelling - Functional modelling Part 2 KPA-2.4 Software Development P2-5.2 d) Business process modelling - Smart company Part 2 KPA-2.5 Software Maintenance P2-5.2 e) Business process modelling - Business process design Part 2 KPA-2.2 e-shop Design Business process implement. P2-5.3 a) Business process implementation - Payment Part 2 KPA-3.2 Application Reliability P2-5.3 b) Business process implementation - Delivery Part 2 KPA-2.7 Logistics Operations P2-5.3 c) Business process implementation - Consumer care Part 2 KPA-2.3 e-shop Operations P2-5.3 d) Business process implementation - Monitoring Part 2 KPA-2.7 Logistics Operations New product development P2-5.4 a) New product development - Project concept Part 2 KPA-2.2 e-shop Design P2-5.4 b) New product development - Planning and scheduling Part 2 KPA-2.4 Software Development P2-5.4 c) New product development - Business feasibility Part 2 KPA-2.7 Logistics Operations P2-5.4 d) New product development - Product Launch Part 2 KPA-2.1 Organization Resource management P2-5.5 a) Resource management - Financial resources Part 2 KPA-2.3 e-shop Operations P2-5.5 b) Resource management - Human resources Part 2 KPA-2.1 Organization P2-5.5 c) Resource management - Information management Part 2 KPA-2.1 Organization Supply chain management P2-5.6 a) Supply chain management - Identification of consumer Part 1 KPA-1.2 Compliance with National Laws P2-5.6 b) Supply chain management - Identification of supplier Part 1 KPA-1.2 Compliance with National Laws P2-5.6 c) Supply chain management - Consistency checks Part 3 KPA-3.2 Application Reliability P2-5.6 d) Supply chain management - Transactions Part 2 KPA-2.7 Logistics Operations Business partner managemen P2-5.7 a) Business partner management - Interfaces Part 2 KPA-2.3 e-shop Operations P2-5.7 b) Business partner management - Managing SLA's Part 2 KPA-2.3 e-shop Operations Part 2-6 Technology management P2-6.1 Infrastructure Part 2 KPA-2.6 Hoster Operations P2-6.2 Feedback from operation Part 2 KPA-2.3 e-shop Operations Part 2-7 Supplier interfaces P2-7.1 Feedback to customers Part 2 KPA-2.3 e-shop Operations P2-7.2 Handling of complaints Part 1 KPA-1.2 Compliance with National Laws P2-7.3 Issue resolution Part 2 KPA-2.3 e-shop Operations Part 2-8 Supplier view P2-8.1 Internal communication Part 2 KPA-2.1 Organization P2-8.2 Sustainability Part 2 KPA-2.3 e-shop Operations P2-8.3 Regulatory and self-regulatory compliance Part 1 KPA-1.2 Compliance with National Laws Part 3-6 Requirements on supplier P3-6.1 Security policy Part 2 KPA-2.1 Organization Security management P3-6.2 a) Security management system Part 2 KPA-2.1 Organization P3-6.2 b) Security management framework and role model Part 2 KPA-2.1 Organization P3-6.2 c) Personnel Part 2 KPA-2.3 e-shop Operations P3-6.2 d) Roles and responsibilities Part 3 KPA-3.2 Application Reliability P3-6.3 Risk analysis and reliability assessment Part 3 KPA-3.2 Application Reliability P3-6.4 Inventory and classification of company assets Part 2 KPA-2.7 Logistics Operations ICT security functions P3-6.5 a) ICT security functions - General considerations Part 3 KPA-3.3 Operational Security P3-6.5 b) User identification and authorization Part 3 KPA-3.3 Operational Security P3-6.5 c) Security of data, servers, networks, media and content Part 3 KPA-3.3 Operational Security P3-6.5 d) Backup and disaster recovery Part 3 KPA-3.3 Operational Security P3-6.5 e) Non repudiation Part 1 KPA-1.2 Compliance with National Laws Change management P3-6.6 a) Modifications to the e-business infrastructure Part 2 KPA-2.2 e-shop Design P3-6.6 b) Operations monitoring Part 3 KPA-3.2 Application Reliability P3-6.6 c) Test environment and extensions Part 3 KPA-3.2 Application Reliability P3-6.7 Guidelines for consumers Part 1 KPA-1.2 Compliance with National Laws Part 3-7 Requirements on partners P3-7 Contractual regulation and data transfer Part 2 KPA-2.7 Logistics Operations 4.6 Pass Total Trust Score Pass Pass Pass! Ja! Fail! Nein Incomplete Unvollständig

38 Der Trust Index Schritt 1: Pass oder Fail Alle Audit Kriterien ergeben wenigstens eine 4 Sonst Fail Schritt 2: Vertrauensindex Der Abstand zwischen Grad 4 (= genügt den Ansprüchen und Rechten der Konsumenten) und 5 (= Best Practices) wird geometrisch hochgerechnet zu einem e-trust Score zwischen 1 und 9 Bedeutung für den Konsumenten: 1 = Minimales Vertrauen 3 = Etwas Vertrauen 5 = Konsument fühlt sich sicher 7 = Konsument ist 9 = Sehr gutes Image begeistert

39 Ergebnis Zertifizierte eapplikation Schaffen Vertrauen für die Bürger Es deckt alle bisherigen Trust Labels mit ab Identität (VeriSign) ISO 9000 (insofern relevant für eapplikation) Sicherheit (BS 7799) Plus die geltenden Zulassungsbestimmungen in Europa Zertifizierte Partner Hoster Web - Designer Software Entwickler Logistiker

40 Schlussresultat Das AWA ist CWA-konformitätsgeprüft: Erfüllt die EU-Anforderungen (Recht / Prozesse / Sicherheit) Erfüllt die CH-Anforderungen (Recht / Prozesse / Sicherheit) Ist bereits gerüstet auf die neue CH-Gesetzgebung Erfüllt alle Anforderungen an einen vertrauensvollen & sicheren eapplikation (Bürgererwartungen) Setzt 5 Monate nach Inkrafttreten als erste e-gov Online- Dienstleisterin in EU / CH freiwillig die international verabschiedeten Anforderungen um

41 e-comtrust Schweiz Zertifizierungskommission: Markus Fischer SwissICT Thomas Pletscher economiesuisse Jacques Vifian Eidg. Büro für Konsumentenfragen Dr. Hans Peter Homberger SNV

42 Kontakt: Robert P. Hilty +41 (0)62/ Mail: