Index of documents supporting the Grant of Approval to NPIA’s Central Services CA service.

  1. What the tScheme Approved Service Mark signifies.
  2. Approved Service - Service Description
  3. Approval Profiles used in the assessment:
    Base Approval Profile tSd0111 3.00
    Approval Profile for Registration Services tSd0042 3.02
    Approval Profile for a Certification Authority tSd0102 3.01
    Approval Profile for Certificate Generation tSd0104 3.01
    Approval Profile for Certificate Dissemination tSd0105 3.01
    Approval Profile for Certificate Status Management tSd0106 3.01
    Approval Profile for Certificate Status Validation tSd0107 3.01

Back to Grant details

What the tScheme Approved Service Mark signifies

When a trust service carries the tScheme Mark, you can be secure in the knowledge that:

For each service, tScheme approval is regularly reviewed and may be withdrawn.

This Grant of Approval does not affirm or endorse any claims of conformance to standards or adherence to guidelines not explicitly listed as forming part of the service assessment.


Approved Service - Service Description

The subject service of this Grant of Approval is the Identity and Access Management Central Services Certification Authority (IAM CSCA).

The IAM Central Services solution is designed to provide a common yet robust authentication and authorisation service for accessing applications by the policing community and related organisations. The IAM Central Services solution is considered to be an essential enabler for the secure sharing of information that is contained within police service information systems and provides the following capabilities:

The IAM CSCA is governed by the Police PKI Policy Management Authority (P3MA) and operated on their behalf by the NPIA.

The P3MA publish the Police Service PKI Certificate Policies (CP) that defines the requirements with which all participants of the Police Service PKI must comply. The CP is identified by the following object identifiers (OIDs) that relate to each of the end-entity policies:

The IAM Central Services CA Certificate Policy Disclosure Statement (CPDS) provides excerpts and summary information from the CP, relevant to subscribers and relying parties of the IAM CSCA. The CP and CPDS are published to relying parties via the Criminal Justice Extranet (CJX) and are available on request from the P3MA Secretariat (

The IAM CSCA is a component of the NPIA Identity and Access Management programme, which provides strong identity assurance of police workers to enable secure, controlled access to national and regional police information systems.

The IAM CSCA primarily issues high-assurance end-entity certificates for the purposes of authenticating to police information systems. The service also supports the issuance of high-assurance certificates for digital signing and confidentiality.

Identity assurance is provided through the verification of the identity of individuals, to whom certificates will be issued, beyond reasonable doubt.

The IAM CSCA performs both Certificate Authority (CA) and Registration Authority (RA) functions. RA functions are also performed by organisations that subscribe to the IAM CSCA through the IAM Managed Service. IAM Managed Service subscribers are primarily criminal justice organisations that contract with the IAM CSCA and the IAM Managed Service providers for PKI trust services.

The IAM Managed Service allows subscribing organisations to perform the identification and enrolment of end users within the organisation, in accordance with P3MA-approved policies and procedures, prior to submitting certificate requests to the IAM CSCA.

The IAM CSCA provides relying parties with certificate status information, in the form of Certificate Revocation Lists, to validate certificates within their applications.


The tScheme Code of Conduct

Participants in the electronic trust services industry strive: