As stated in Resolution on technical controls TSP TS, Trust Service Providers (TSPs) are required to notify TDRA in case of security breach, personal data breach, or any change affecting the provision of the service.
Such notifications are to be sent to trust.services@tdra.gov.ae.
Changes in the TSP or the Trust Services (TS) it provides
Example of intended changes that must be notified to TDRA include at least:
- Changes of practices resulting from a change in trust service policy or associated terms and conditions of use;
- Changes of outsourcers or subcontractors;
- Changes of hosting conditions;
- Changes of cryptographic material;
- Modifications in the technical architecture;
- Changes in the procedures for identifying, authenticating and registering subscribers/subjects;
- Changes in the governance of the TSP;
- Changes resulting in a modification of the UAE trusted list with regards to the TSP and the TS it provides;
- Termination of trust services or part thereof.
Additionally, TSP shall notify TDRA, on a yearly basis, with an overview of all changes made to the provision of its trust service(s).
Security or personal data breaches
Requirements for notification to TDRA also cover security incidents. The TSP, after having become aware of a security incident as part of its activities, shall notify TDRA at least:
- When the information systems of the TSP are exposed to any danger affecting the security and safety of the (Q)TS provided;
- When the subscriber's information or documents are exposed to unauthorized disclosure; and
- At the occurrence of any breach of security or loss of integrity that has a significant impact on the (Q)TS provided or on the personal data maintained therein.
Gold star Logo
