Page:Electronic Transactions Ordinance (Cap. 553).pdf/28

ELECTRONIC TRANSACTIONS ORDINANCE '''43. Recognized certification authority to furnish report on compliance with Ordinance and code of practice'''

(1) At least once in every 12 months, a recognized certification authority must furnish to the Director a report containing an assessment as to whether the recognized certification authority has complied with the provisions of this Ordinance applicable to a recognized certification authority and the code of practice during the report period.

(2) A report under subsection (1) must be prepared, at the expense of the certification authority, by a person approved by the Director as being qualified to make such a report.

(3) The Director must publish in the certification authority disclosure record for the certification authority the date of the report and the material information in the report.

(4) In subsection (1) “report period” (所涵蓋的期間), in relation to a report (“current report”), means the period beginning on—
 * (a) the date on which recognition is granted under section 21 or section 34 comes into operation; or
 * (b) the day following the last day of the period for which the last report under that subsection was furnished,

as the case may require, and ending on the last day of the period for which the current report is furnished.

44. Recognized certification authority to issue a certification practice statement

A recognized certification authority must issue and maintain an up to date certification practice statement and notify the Director of changes to the practices of the certification authority as set out in that statement.

45. Recognized certification authority to maintain repository

(1) A recognized certification authority must maintain or cause to be maintained an on-line and publicly accessible repository.

(2) The Director must publish in the Gazette a list of the repositories maintained under subsection (1).