Index of documents supporting the Grant of Approval to the Metropolitan Police Service’s Enterprise PKI Service.

  1. What the tScheme Approved Service Mark signifies.
  2. Approved Service - Service Description
  3. Approval Profiles used in the assessment:
    Base Approval Profile tSd0111 3.00
    Approval Profile for Registration tSd0042 3.02
    Approval Profile for a Certification Authority tSd0102 3.01
    Approval Profile for Signing Key Pair Management tSd0103 3.02
    Approval Profile for Certificate Generation tSd0104 3.01
    Approval Profile for Certificate Dissemination tSd0105 3.01
    Approval Profile for Certificate Status Management tSd0106 3.01
    Approval Profile for Certificate Status Validation tSd0107 3.01

Back to Grant details

What the tScheme Approved Service Mark signifies

When a trust service carries the tScheme Mark, you can be secure in the knowledge that:

For each service, tScheme approval is regularly reviewed and may be withdrawn.

This Grant of Approval does not affirm or endorse any claims of conformance to standards or adherence to guidelines not explicitly listed as forming part of the service assessment.


Approved Service - Service Description

The subject service of this Grant of Approval is the Enterprise PKI Service from the Metropolitan Police Service.

The Metropolitan Police Service (MPS) has developed an Enterprise Public Key Infrastructure (PKI) to underpin IT security services and to enable electronic business within the organisation and with external parties, for example the NPIA for access to national police applications such as PND. The Certificate Policy (CP) for the MPS PKI Root Certificate Authority (CA) provides a full description of the Root Certificate Authority role, and in particular describes the legal, business and technical requirements for the Root CA. The policy should be read in conjunction with the associated Certificate Practice Statement (CPS), which describes ‘how’ these requirements are met in issuing certificates to CAs that are chained to the Root CA. The Root CA currently has two sub-ordinate CAs known as Sub-CA1 and sub-CA2, which are responsible for issuing, suspending and revoking certificates. The scope of the certificates issued by each Sub-CA is shown below:


The tScheme Code of Conduct

Participants in the electronic trust services industry strive: