Electronic Transactions Act, 2008

Act  772

(a)	 the financial and human resources, including the assets of
an applicant;
(b)	 the quality of the applicants hardware and software systems;
(c)	 procedures for processing products or services;
(d)	 the availability of information to third parties relying on the
authentication product or service;
(e)	 the regularity and extent of audits by an independent body;
and
(f)	 any other relevant factor which may be prescribed or which
the Agency may consider necessary.
(5)  A licence is valid for the period and on the terms and conditions
that may be determined by the Agency.
Grant of licence
39.  (1)  The Agency shall not grant a licence under this Act unless the
Agency is satisfied that a security procedure related to or issued by an
applicant,
(a)	 is uniquely linked to the user,
(b)	 is capable of identifying that user,
(c)	 is created using means that can be maintained under the sole
control of that user, and
(d)	 will be linked to the electronic record to which it relates so
that any subsequent change of the electronic record is detectable.
(2)  The Agency may, prior to licensing any authentication products
or services, stipulate:
(a)	 the technical and other requirements to be met by certificates
issued by the licence holder;
(b)	 the requirements for issuing certificates;
(c)	 the requirements for certification practice statements;
(d)	 the responsibilities of the certification service provider;
(e)	 the liability of the certification service provider;
(f)	 the records to be kept and the manner in which and length
of time for which they must be kept;
(g)	 requirements concerning certificate suspension and revocation procedures;
(h)	 requirements as to notification procedures relating to certificate suspension and revocation; and
19

Select target paragraph3