Index of documents supporting the Grant of Approval to Exostar UK Ltd’s Digital Certificate Service.

  1. What the tScheme Approved Service Mark signifies.
  2. Approved Service - Service Description
  3. Approval Profiles used in the assessment:
    Base Approval Profile tSd0111 3.00
    Approval Profile for Registration Services tSd0042 3.02
    Approval Profile for a Certification Authority tSd0102 3.01
    Approval Profile for Signing Key Pair Management tSd0103 3.02
    Approval Profile for Certificate Generation tSd0104 3.01
    Approval Profile for Certificate Dissemination tSd0105 3.01
    Approval Profile for Certificate Status Management tSd0106 3.01
    Approval Profile for Certificate Status Validation tSd0107 3.01

Back to Grant details

What the tScheme Approved Service Mark signifies

When a trust service carries the tScheme Mark, you can be secure in the knowledge that:

For each service, tScheme approval is regularly reviewed and may be withdrawn.

This Grant of Approval does not affirm or endorse any claims of conformance to standards or adherence to guidelines not explicitly listed as forming part of the service assessment.


Approved Service - Service Description

This Public Service Description relates to Exostar UK Ltd.’s service known as DCS Digital Certificate Service.

DCS is a source of Qualified Certificates issued in accordance with and conformant to European legislation1. The Exostar DCS Certificate Authority (DCS CA) is subordinate to Exostar’s USA-based Root CA, which is cross-certified with the US Federal Bridge CA and the SAFE-BioPharma Association Bridge CA. The DCS CA issues certificates that can be used for both Identification/Authentication and Digital Signature purposes. In addition to Qualified Certificate identifiers (e.g. id-QCP-Public, and id-QCP-Public+SSCD), the digital certificates also exhibit a US Federal Policy identifier, which maps to the SAFE-BioPharma Association Bridge CA at the Medium Software or Medium Hardware level of assurance.

The combination of these attributes makes the certificates useful to subscribers in the pharmaceutical, life sciences, and healthcare industries worldwide. In particular, the certificates satisfy the requirements imposed upon those subscribers who are required to digitally sign documents intended for submission to regulatory agencies such as the European Medicines Agency and the US Food and Drug with EU Qualified Certificates or certificates mapped to industry or US Government bridge CAs.

Relying parties can be assured that subscribers of DCS have been properly authenticated and vetted before receiving digital certificates from the service. Requisite identity proofing is conducted in accordance with the policies of the US Federal PKI policy authority, the US Federal Identity, Credential, and Access Management policies, the policies of the SAFE-BioPharma Association and tScheme Ltd., and European Directive 1999/93/EC1 for the appropriate assurance level of the certificates issued (e.g. id-QCP-Public / Medium Software, or id-QCP-Public+SSCD / Medium Hardware). The assurance level of certificates issued to subscribers can be ascertained from various extensions including the QCStatements extension and Certificate Policies extension. All Personally Identifiable Information is securely handled in accordance with both US and UK law.

The provision of DCS, and related client services functions, is hosted and operated by Exostar LLC at its operations centers in Virginia, USA. DCS provides full life-cycle certificate support.

For additional information, please see the Exostar DCS Service Policy Disclosure Statement, and the Exostar FIS and DCS Certificate Policy generally, public available at

1 Meeting the requirements defined in Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.


The tScheme Code of Conduct

Participants in the electronic trust services industry strive: