You are here

FAQs

FAQs

Can’t find the answer you’re looking for? Please contact us with your question. We’ll get back to you as soon as we can.

Who should join tScheme?

Organisations who are committed to delivering trust based services and see the value in supporting tScheme as an entity operating as a developer of independent Profiles and approvals body.

What is the membership fee?

tScheme members pay an annual fee of £1,000 which is refunded by way of a discount on any tScheme approval fees. Membership is automatic for approved Trust Service Providers.

Benefit of membership

Member organisations are eligible to nominate a representative to join the tScheme board of directors and serve on some of the sub committees.

Members can themselves operate schemes and/or be applicants for approval. Example members of tScheme are Mydex CIC, BT, Experian, UK Payments Council, Cabinet Office and the Department for Work & Pensions.

Note: In some cases one organisation may be an Applicant as well as a tScheme member, in the same manner an organisation could be a Scheme Authority and a tScheme member as well.

To join tScheme or find out more, please email phil.flaxton@tscheme.org or telephone us on +44 (0) 8702 417 497

Is tScheme developing a Profile for eIDAS that can be independently assessed?

The Information Commissioner's Office is currently drawing up guidelines for approval of qualified trust service providers under eIDAS. Once this is complete, we will produce the required Profiles.

What does eIDAS mean?

Electronic Identification and Trust Services (eIDAS) is a range of services that allows you to verify the identity of a person or business online, or to confirm the authenticity of an electronic document. It’s defined by a European regulation (910/9124) that came into force in July 2016.

What is the scope of the services that tScheme can accredit?

tScheme can be used to accredit or approve any form of trust services which can be defined using a ‘Profile’. We support multiple trust schemes and frameworks. Our Profiles are independent and can be easily applied in a modular fashion to specific requirements.

We also develop new Profiles to meet specific requirements, either from scratch, or by modifying or extending existing Profiles. Get in touch if you have a need for a new Profile.

More about tScheme Profiles.

Is tScheme complimentary with key standards focusing on security and trust?

Yes, tScheme is complementary to key standards like ISO27001 Information Security Management Systems, good practice guidelines such as ISO 27018 for protecting privacy in the cloud, and the Fair Data Trust Mark.

tScheme focuses on ensuring the trust of specific services against precise Profiles that can be independently assessed. In simple terms, where such standards are used, tScheme approval is a logical extension.

How long does it usually take to acquire tScheme approval?

Usually the whole process takes around three months to complete, but it can take longer. If your service already has ISO 27001 or ISO 9000 certification, this can speed up tScheme approval.

What does tScheme Approval mean?

It means that an electronic trust service meets the  standards of good practice for digital trust services defined by tScheme.

Why get tScheme Approval?

Business and consumer confidence is vital in the technology sector. An independent, transparent body such as tScheme provides the assurance needed to place trust in the service providers and their services. tScheme takes into account all the relevant legislation and has access to top experts who define the criteria, to which services are assessed.

The tScheme mark, the Approved Service mark, and the Registered Applicant Sign, are all registered trademarks, and can only used when granted by tScheme.

What is a conformity assessment body?

This is an organisation that is able to assess whether or not a trust service is able to meet the relevant requirements. Conformity assessment bodies must be formally accredited by the UK Accreditation Service (UKAS). The conformity assessment bodies for tScheme assessments are LRQA and KPMG Audit Plc.

What services have tScheme approval?

For a current list of approved tScheme Services please take a look at the Approved Services page.

What is a “tScheme Registered Applicant”?

It’s an initial step toward gaining tScheme Approval. This recognises the firm commitment the service provider is making to complete the tScheme assessment process in a timely manner.

What is a “Qualified Certificate”?

A Qualified Certificate is a certificate provided by a competent service provider who has verified, by appropriate means in accordance with national law, the identity of the subject of the certificate.

When it is the basis of an Advanced Electronic Signature and when the signature is created by a secure-signature-creation device, then it is usually referred to as a "Qualified Electronic Signature" and must be treated the same as if it was a hand-written signature. Not all tScheme Approved Services will necessarily provide Qualified Certificates, although many will because of the potential legal benefits.

What is a Digital Signature?

It’s a method of ‘signing’ an electronic document. In its simplest form it might just be the addition of some text or a digital image. But more sophisticated methods are also available which can more reliably link the digital signature to the person making it. No matter what kind of digital signature is used, it has the same validity as a written signature and is admissible in court as evidence that a contract has been entered into.

There’s more information about digital signatures and a free book at the Institute of Advanced Legal Studies website.

What are the rules on qualified electronic signatures?

A qualified electronic signature is one that complies with EU Regulation No 910/2014 (eIDAS Regulation) for electronic transactions within the internal European market. It must:

  • Be offered by a qualified trust service provider
  • Meet the specific requirements for an advanced signature
  • Be created using a qualified creation device
  • Be supported by a qualified certificate

What is a qualified trust service provider?

It’s a trust service provider that has been granted qualified status by the UK Information Commissioner's Office. Qualified trust service providers can use an EU trust mark and are listed on a trusted list run by TScheme.

Who can I trust to provide me with good security?

A provider whose service is approved by tScheme, brings with the tScheme Mark not only the confidence of a trusted name, but the knowledge that their system has been independently tested to standards drawn up by industry experts. tScheme cannot recommend a specific service over others, but you can be assured that where you see the tScheme Mark, the service has been assessed as one of the highest quality.

Why tScheme approval?

It’s the mark which says your service meets the highest standards of trust.

MORE >

Getting tScheme approval

Approval usually takes at least three months, but it can be quicker.

MORE >

Schemes and Profiles

Providing guidelines and criteria for organisations to develop their trust services.

MORE >