
Member Charter

From the SEPAmail documentation.

This page is a translation of the page Charte de l'adhérent; the translation is 96% complete and up to date.


Introduction

The SEPAmail member is a key player in the service offering of the SEPAmail secure messaging service. The member must therefore adhere to various rules in order to ensure compliance with the quality and security levels provided by the messaging service:

  • availability
  • authentication
  • confidentiality
  • traceability
  • date and time stamp
  • integrity
  • supervision

The 4-Corner Model

  • In this model, the SEPAmail member provides services to its customer with which it has a contract.
  • To reach its customer’s counterparty, the SEPAmail member establishes contact with the counterparty’s SEPAmail member.

The rules related to the SEPAmail messaging service are defined between 2 SEPAmail members. They are ALSO applied in the event that the counterparty and the customer have the same member (this is also the case for traceability rules).

Each member undertakes to strictly comply with the 4-corner model. In particular, a member cannot process a Report message if it has not seen the related Request message.

Relationship between the SEPAmail Member and its Customer

  • Regarding the exchange of data with its own customer, the SEPAmail member undertakes to apply the same quality and security levels as required for exchanges between members.
  • Operational implementation may use the SEPAmail standard and the SEPAMAIL.EU procedures (Scheme Manager) without this being a requirement.
  • Nevertheless, the Scheme Manager can take more restrictive actions in relation to all SEPAmail members in the event of practices detrimental to the security and image of the SEPAmail network.


Membership

  • Any entity managing a BIC (Bank Identifier Code, ISO 9362:1994), which has requested membership in the SEPAmail structure, and which has received approval for this application from SEPAMAIL.EU, is entitled to become a SEPAmail member.
  • A SEPAmail member must indicate the ecosystems it is able to process and must also indicate the digital signature and encryption certificates of the missives.
  • Due to its contractual relationship with SEPAMAIL.EU, the SEPAmail member accepts the legal probative value of its signature provided that it signs a missive with the certificates it has declared. Given this contractual relationship model, the network of SEPAmail members is freed from dependence on the market tools of third-party certification authorities. In particular, it is freed from restrictive rules shared by all on certificate classes, which provide guarantees only on this matter of the probative value of the signature.
  • If necessary, the SEPAmail member indicates the blocked CRL of its certificates.
  • The Scheme Manager can ask a member to use a CRL shared by the members and managed by the Scheme Manager.
  • The SEPAmail member must implement state-of-the-art mechanisms to protect against any compromise of the secret keys associated with its certificates. In the event of a compromise, the SEPAmail member undertakes to update the CRL (Certificate Revocation List) as quickly as possible. The compromise of private keys, the absence of quick and appropriate action or the non-implementation of the Charter are considered valid reasons for the exclusion of a member (as stipulated in the membership contract).

Members' certificates are therefore known in advance to all other members, and reciprocally, through a Scheme Manager reference document. Only known certificates are accepted in data exchanges.

To ensure supervision, the member undertakes to provide statistical data to SEPAMAIL.EU in compliance with the specifications of the standard.

SEPAmail Members – Receiving a Nominal Missive

Availability

  • SEPAmail members are required to provide a 24/7 service for receiving SEPAmail missives.
  • Time availability (actual time of availability/total time of availability) is subject to the rules defined by the Scheme Manager.
  • Transaction availability (number of missives processed/number of missives sent) is subject to the rules defined by the Scheme Manager.
  • Response time (time between the sending of the nominal missive and the receiving of the first acknowledgement missive) is subject to the rules defined by the Scheme Manager.
  • The Scheme Manager may have to implement control test flows regarding availability. In this event, the proportion of the test flows is to be negligible in relation to production flows.

Traceability of Data Received for Customers

  • A SEPAmail member is required to send back an acknowledgement of receipt for each missive it receives (in the form of an acknowledgement missive), in compliance with the time frames defined in the standard and according to the priority level of the missive.
  • The acknowledgement missive indicates the stamp of the corresponding nominal missive as well as the date and time.
  • Independently of the other missives, the SEPAmail member must be able to store and produce, either for its customer or for the counterparty’s member, the nominal missive it received AND the corresponding acknowledgement missive, as well as the related signature elements in the envelope format defined by the SEPAmail standard. This requirement is applied for a temporary period (1 year maximum) depending on the standards to be defined by SEPAMAIL.EU.
  • The SEPAmail member is required to store the time/date stamps of the missives for longer periods of time (10 years or more, depending on the service) in the event of an arbitration based on the data provided by the users.

The Scheme archives all the signature certificates provided by the SEPAmail members for future verification, if necessary.

Confidentiality

  • The SEPAmail member can decrypt the missives it receives only if the confidentiality of the decrypted data is ensured.
  • The SEPAmail member is authorized to process unencrypted data it receives provided that the confidentiality of the data is guaranteed. The guaranteed level of confidentiality is identical to the level defined in the law related to banking secrecy obligations (insert relevant article from the law).
    • If the member is a bank, it must therefore treat the received data as banking data.
    • If the member is not a bank, it must therefore implement appropriate mechanisms for the required level.

Authentication of the Sending Member

  • For each missive, the SEPAmail member must perform the controls described in the standard, especially related to the signature and certificate. It must react in an appropriate manner (negative acknowledgement) in the event of an inaccuracy.
  • The SEPAmail member must verify the CRL of the other members at least once a day.

Management of User Data

  • The SEPAmail member is required to propagate the user data without making any changes or additions other than those specified and authorized by the standard. In particular, the member undertakes to propagate the user data it receives even if it is defined as optional in the standard.

SEPAmail Member – Transmission of Nominal Missives

Availability

  • The SEPAmail member must implement the opening of the SEPAmail missives transmission service according to the service offer it has contracted with its customers.
  • The SEPAmail member must implement the relevant counters to monitor the weighted availability of the servers of the SEPAmail members which receive missives (number of acknowledgement missives received/number of nominal missives sent). Additional indicators may be defined by the Scheme Manager.

Traceability of Data Sent on behalf of Customer

  • The SEPAmail member must send customer data encapsulated in a missive which is compliant with SEPAmail standards and which indicates the date/time and checksum of the data.
  • The SEPAmail member must wait for an acknowledgement missive in compliance with the standard and must re-transmit the missive, if necessary.
  • Independently of the other missives, the SEPAmail member must be able to store and produce, either for its customer or for the receiving counterparty’s member, the nominal missive it received AND the corresponding acknowledgement missive, as well as the related signature elements in the envelope format defined by the SEPAmail standard. This restitution of data must include all the relevant re-transmitted missives in the event of the non-reception (or deferred reception) of the acknowledgement missive.

Confidentiality

  • The SEPAmail member is bound to the same obligations for the sending of data as those defined for the receiving of data.

Authentication of the Recipient Member

  • The SEPAmail member must use the recipient member’s certificate, i.e. the certificate corresponding to the BIC of the TO of the missive which was sent.
  • The SEPAmail member must monitor the CRL of the other members at least once a day.

Management of User Data

  • The SEPAmail member is bound to the same obligations for the sending of data as those defined for the receiving of data.
