(a) Any limitation of its liabilities and particularly, the implication of reliance
limitations specified; and
(b) The subscriber identity verification method for the issuance, suspension,
revocation and renewal of a certificate.
(4) A certification service provider shall file, with the Commission, a copy of its
certification practice statement and specify its effective date and publish it on its
web site.
(5) A certification service provider shall log all changes to the certification practice
statement and specify the effective date of each change.
(6) A certification service provider shall keep, in a secure manner, a copy of each
version of its certification practice statement and record the date it came into effect
and the date it ceased to have effect.
7. Responsibilities of a certification service provider.
(1) A certification service provider shall —
(a) Issue and renew certificates;
(b) Suspend, reinstate or revoke certificates;
(c) Conduct personal identification of subscribers;
(d) Publish accurate information relating to certificates;
(e) Provide a repository service listing all published certificates, records of revoked
certificates that may be used to verify the validity of published certificates;
(f) Ensure protection of private information and safekeeping of data security; and
(g) Provide time-stamp services.
8. Records management.
(1) A certification service provider shall, keep securely all records relating to —
(a) Issuance, renewal, suspension or revocation of certificates, including the
identity of any person requesting for a certificate;