Commission may from time to time prescribe.

Records
Management

7.

1) Every Certification Service Provider shall make and keep
in a secure manner records relating to a. activities in issuance, renewal, suspension and
revocation of certificates (including the process
of identification of any person requesting a
certificate from a licensed Certification Service
Provider);
b. the process of generating subscribers' (where
applicable) or the licensed Certification Service
Provider's own key pairs;
c. the administration of a licensed Certification
Service Provider's computing facilities; and
d. such critical related activity of a licensed
Certification Service Provider as may be
determined by the Commission from time to time.
2) A Certification Service Provider may keep its records
either in paper-based document, electronic records or any
other form approved by the Commission from time to
time, and such records shall be indexed, stored, preserved
and reproduced so as to be accurate, complete, legible
and accessible to the Commission or any authorised
officer.
3) Every Certification Service Provider shall archive all
certificates issued by it and maintain mechanisms to
access such certificates for a period of not less than 7
years.
4) Every licensed Certification Service Provider shall retain
all records required to be kept under paragraph (1) and
all logs of the creation of the archive of certificates
referred to in paragraph (3) for a period of not less than 7
years.

Issuance of
certificates

8.

1) Certificates shall contain:
a) the identity information of the Certification
Service Provider;
b) the identity information by which the signature
owner can be identified;
c) signature-verification data which corresponds to
6

Select target paragraph3