Our Role as a VDS Scheme Operator
In today’s increasingly digital world, verifying the authenticity and integrity of information, products, and documents is paramount. The Visible Digital Seal (VDS) ecosystem provides a powerful solution, offering a secure, standardized way to embed trust directly onto items or their digital representations. At Otentik, we are proud to be an accredited Scheme Operator (SO), also known as a Trust Service Operator (TSO), within this global framework, as governed by the VDS International Council (VDSIC). Our specific role involves managing and operating the Otentik VDS, ensuring its reliability, security, and interoperability. This article outlines our core goals and the robust governance structure we maintain to uphold the highest standards of trust.
Our Goals in the VDS Ecosystem
Our primary objective as a Scheme Operator is to cultivate a secure and trustworthy environment for the use of Visible Digital Seals within our designated domain. We strive to:
- Champion Trust and Security: We are deeply committed to maintaining exceptional operational integrity and robust security measures. This forms the bedrock upon which trust in our specific VDS scheme is built.
- Guarantee Interoperability: We ensure that VDS implementations under our scheme adhere strictly to the global VDSIC standards, enabling seamless verification and fostering trust across borders and systems.
- Provide Dependable Trust Anchors: A core function is the meticulous management and publication of our Scheme List of Trusted Lists (LoTL) and the associated Trust Service Lists (TSLs). These lists are the authoritative sources that allow anyone to verify the legitimacy of VDS seals originating from our scheme, and we ensure they are accurate, up-to-date, and readily accessible.
- Enable Specific and Secure Use Cases: We manage the unique VDS Manifest Identifiers (UUIDs) relevant to our scheme, defining the specific types of data or documents that can be sealed. Crucially, we operate a clear and secure process for authorizing legitimate VDS Issuers to create seals for these specific purposes.
- Uphold Transparency and Compliance: Operating openly and adhering rigorously to the requirements set forth by the VDSIC are fundamental principles. We are committed to transparent practices and meeting all compliance obligations.
Governance Framework
To achieve our goals and maintain the confidence of all participants, Otentik operates under a comprehensive governance framework. This framework aligns directly with the stringent requirements mandated by the VDSIC for Scheme Operators and ensures accountability, security, and operational excellence. Key elements include:
Accountability to VDSIC
As an accredited body, we maintain a strong relationship with the VDSIC Governance Board. This involves strict adherence to their standards and directives, regular reporting, and full cooperation with oversight activities, compliance reviews, and audits. Maintaining good standing within the VDSIC community is paramount.
Organizational Integrity
We operate as a distinct legal entity, assuming full responsibility for the VDS scheme activities we manage. We enforce strict impartiality, manage potential conflicts of interest, and ensure we possess the necessary financial stability, technical infrastructure, and skilled, trustworthy personnel to operate reliably. Rigorous background checks and security training are implemented for staff in sensitive roles, and any outsourced critical functions are subject to stringent oversight, with ultimate responsibility remaining with us.
Robust Operational Management
We implement meticulous procedures for managing the critical trust infrastructure. This includes the compliant publication, maintenance, and timely updating of our Scheme LoTL and referenced TSLs, ensuring their constant availability. We manage the assignment of Manifest UUIDs unique to our scheme and maintain a secure, authoritative record linking authorized VDS Issuers to the specific UUIDs they are permitted to use. Furthermore, we provide a secure mechanism for accredited Trust Service Providers (TSPs) and Certificate Authorities (CAs) within our scheme to verify this authorization before issuing relevant certificates. Comprehensive, tested Business Continuity and Disaster Recovery plans are in place, alongside documented procedures for effective Incident Management and Response.
Comprehensive Security Governance
Security is woven into every aspect of our operations. We align with established trust frameworks (like ISO 22385) and implement a formal risk management process (based on standards like ISO/IEC 27005) to proactively identify and mitigate threats. Our VDS-related infrastructure operates under an Information Security Management System (ISMS) guided by ISO/IEC 27001 and 27002 principles. Cryptographic keys used for critical functions, such as signing our Scheme LoTL, are managed with utmost care throughout their lifecycle: they are generated, stored, and used exclusively within certified Hardware Security Modules (HSMs) meeting high standards (e.g., FIPS 140-2 Level 3 or Common Criteria EAL4+). We enforce key separation, ensuring keys used for signing trust lists are distinct from those used for other purposes. Robust technical controls, including secure configuration, timely patching, network segmentation, intrusion detection, strong authentication, and malware protection, safeguard our systems.
Transparency and Compliance
We believe trust is earned through openness. We publish and maintain a detailed Practice Statement, freely available on our website, which clearly outlines our policies, procedures, security controls, and operational practices. We generate and securely retain comprehensive audit logs for all critical activities, enabling thorough security investigations and compliance verification. Furthermore, we undergo regular, independent third-party audits (such as ISO/IEC 27001 certification or SOC 2 Type II assessments) focused on the security, availability, and integrity of our VDS operations, providing these attestations to the VDSIC upon request.
Our Contribution to the Ecosystem
As a VDS Scheme Operator, Otentik plays a vital role in connecting the different participants within the VDS ecosystem. We provide relying parties with the trusted information needed to verify seals, offer TSPs and CAs a stable and clear operating framework, give VDS Issuers a defined scope and authorization process, and assure the VDSIC of compliant and interoperable operations within our domain. We act as a crucial link, upholding the standards that make the entire VDS network trustworthy and effective.