Enterprise PKI from the Metropolitan Police Service

Enterprise PKI
from the Metropolitan Police Service

Grant of Approval

tScheme Limited grants approval to the electronic trust service identified as:
Enterprise PKI

as supplied by:
The Metropolitan Police Service
of New Scotland Yard, Broadway, London, SW1 OBG.

The management system used to deliver this service is certified by:
Lloyd’s Register Quality Assurance Ltd. (LRQA)
of Trinity Park, 1 Bickenhill Lane, Birmingham B37 7ES

to satisfy the criteria defined in the following tScheme Approval Profiles:

Title Identity Issue
Base Approval Profile tSd0111 3.00
Approval Profile for a Certification Authority* tSd0102 3.01
Approval Profile for Signing Key Pair Management* tSd0103 3.02
Approval Profile for Certificate Generation* tSd0104 3.01
Approval Profile for Certificate Dissemination tSd0105 3.01
Approval Profile for Certificate Status Management tSd0106 3.01
Approval Profile for Certificate Status Validation tSd0107 3.01
Approval Profile for Registration Services tSd0042 3.02

*not including Qualified Certificates

This approval initially commenced on:
14th December, 2012

and annual renewal against the current issue of these Approval Profiles was confirmed in:
May 2019

Documents supporting this grant are available by clicking on the links in the table above.

This Grant of approval is issued by:
tScheme Limited
Mulberry Grove
PO Box 3653
RG40 9NN
United Kingdom

Company Number 4000985

Approved Service Description

The subject service of this Grant of Approval is the Enterprise PKI Service from the Metropolitan Police Service.

The Metropolitan Police Service (MPS) has developed an Enterprise Public Key Infrastructure (PKI) to underpin IT security services and to enable electronic business within the organisation and with external parties, for example the NPIA for access to national police applications such as PND. The Certificate Policy (CP) for the MPS PKI Root Certificate Authority (CA) provides a full description of the Root Certificate Authority role, and in particular describes the legal, business and technical requirements for the Root CA. The policy should be read in conjunction with the associated Certificate Practice Statement (CPS), which describes ‘how’ these requirements are met in issuing certificates to CAs that are chained to the Root CA. The Root CA currently has two sub-ordinate CAs known as Sub-CA1 and sub-CA2, which are responsible for issuing, suspending and revoking certificates.

The scope of the certificates issued by each Sub-CA is shown below:

  • Authentication of end-entities and confidentiality (Sub-CA1)
  • Digital signature (Sub-CA2)

Our members

We’re a member-led not-for-profit organisation.


What we do

Approval for organisations in the trust service provider sector.



A collection of white papers and presentations from tScheme.