Simplify regulatory compliance using ID-3 HSM procedures

Documentation is central to regulatory compliance.

Effective procedures allow you to quickly and painlessly demonstrate your working practices and prove your compliance

ID-3 Documentation allows you to:

  • Define and enforce controls in your environment
  • Assist sign-off and give you more control over the process
  • Provide a clear and concise attestation of the procedure
  • Support distribution of copies to the relevant parties and the key stakeholders
  • Eliminate the time and effort developing procedures already available from ID-3 stock

Organisations acquire HSMs with standard manufacturer documentation e.g. manuals and release notes. However, when using HSM in a regulated environment, procedures are a more important requirement.

As organisations all typically work within the same boundaries of the HSM’s functionality to provide similar or identical services, it is unsurprising that the clear majority of the procedures that are created serve the same purpose despite being different in guise.

So why are so many companies reinventing the wheel?

Procedures built without wisdom can lead to problems of non-compliance further down the line.

Furthermore, poor procedures:

May fail to capture the relevant detail or sign off. Lack the right amount of detail to make the performance demonstrable. Provide little or no assistance to the during implementation.

Creating the right procedures are typically a project afterthought when there is little access to the devices and their settings to do a good job creating such important documents.

ID-3 provides up to date Collective and Objective procedures

Collective procedures draw upon manufacturer guidelines and processes and years of experience.
Objective procedures draw upon Collective procedure, local policy, manufacture’s guidance, best practice and regulation.

ID-3 DocuSign® HSM Procedure Flow

All you need is:

  • A list of custodians, roles, a witness and a coordinator
  • Email addresses
  • A logo to personalise
Download the procedure

Formed from the collective procedures and relevant policy.

Distribute the procedure

To the relevant stakeholders.

Gather the relevant completion and signatory detail
Add the completed document to the repository

ID-3 prefers to use the paperless approach. In the vast majority of cases HSM users take their procedures, print them out, complete, sign and in the best cases scan the completed procedure and store into a repository but this is inefficient and commonly problematic for any given reason.

ID-3 recognise organisational commitment to ISO9001 and support waste paper cost reduction wherever possible. This is achieved by integration of the procedures with DocuSign® to sign, send and manage documents as opposed to printed paper wherever convenient for the user.

The use of DocuSign electronic signatures along with alternative signing methods including those with higher assurance levels continues to be lawfully permissible for legal documents with effective hand-written equivalence.

Is this legal?

Yes! Signing a document via DocuSign is completely legal and is covered by the eIDAS Regulation 2014, within the EU, UK and the ESIGN Act within the USA.

Furthermore, DocuSign® enables:

  • The use of email to coordinate procedure distribution to relevant custodians.
  • Electronic controls to enable greater visibility of signatory action, with the alternative to let you know exactly whose signature is missing so you can send a reminder.
  • Document’s progress tracking.
  • If necessary, the option to print hard copies of the procedure (if required perhaps to support the implementation or for the convenience of the custodians or process managers).

ID-3 Procedures:

  • Are closely scrutinised by PCI QSA regulatory experts
  • Capture the processing relevant details
  • Ensure sign-off in relevant places
  • Provide a clear and concise attestation of the procedure
  • Support distribution of copies to the relevant parties and the key stakeholders
  • Label appropriately and store in a searchable location ready for Audit
  • Eliminate the time and effort developing procedures already available from our stock
  • Provide access to new procedures as they are developed supporting the current and legacy HSM management interfaces
  • Support procedure customisations to be estimated and performed upon request

Get in touch to download the ID-3 HSM procedures as required from the ID-3 portal or to obtain them through your manufacturers channel partner.

We support documentation for the following product manufacturers.

We currently provide documentation directly or through the following resellers:

  • Planet IT
  • SSL 247
  • Integrity360