buscar

Technology Update
Our present is the best guarantee for the future

EDICOM as a Certification Authority Helps to Comply With NOM151

06/07/2018

In 2002 the Mexican government started down the path toward a legal framework to cover in trade relations the retention of data in electronic format, resulting from contracts, agreements or commitments that grant rights and obligations between public and private entities. The result was the approval of the Official Mexican Standard NOM-151-SCFI-2002. The NOM 151, after various modifications has evolved toward the NOM-151-SCFI-2016.

Approved in January 2017, the Official Mexican Standard NOM-151-SCFI-2016 replaces the NOM-151-SCFI-2002 and currently governs the mechanisms that should be observed for the retention of data messages and digitalization of paper documents. The NOM151 sets a series of clear and rigorous criteria for the irrefutable accreditation that a document, either electronic in origin or the result of a process of digitalization, constitutes a valid original. This validity is determined by a prestigious third party accrediting the origin and integrity of these documents.

The following elements are involved in the retention of data messages and in digitalization: advanced electronic signature, constancy and archiving retention records, as well as digitalized documents. In the first two cases, they must be issued and controlled by a legally authorized third party as Certification Service Provider (CSP). It is the user who is in charge of retention, who can contract a third party for their administration.

In Mexico, EDICOM has been accredited for providing these services through resolution number 316.09.00483, dated 5 March 2009 published in the Official Journal of 7 May 2009.

As a Certification Authority in Mexico (ACEDICOMMX), EDICOM provides natural and legal persons with mechanisms for secure electronic identification that allows them to carry out activities where electronic signatures replace handwritten signatures with identical legal guarantees. For more information on ACEDICOMMX.

EDICOM is a technology provider specializing in EDI and Electronic Invoicing, with experience in international projects and is a Certification Authority for Europe and Mexico. This means that B2B the ecommerce solutions it offers as a technology provider are equipped with tools that guarantee the exchange of electronic messages securely, integrally and confidentially.

With this objective, the range of services EDICOM has developed allows the customer to cover all the technical needs to comply with all the requirements of NOM151.

EDICOM services as a Certification Authority

  • Issuance of certificates. EDICOM as a Certification Authority issues certificates that allow accrediting the identity of people and companies that use them to ensure the security of their electronic communications.

What are electronic certificates used for? For the electronic signature of documents and software, data encryption, digitalization or certified archiving or personal identification. In the case of the NOM151, it requires the use of certificates in the name of the holders of the documents to be retained.

The certificates can be non-qualified or qualified, with the qualified offering greater guarantees, as they meet a series of requirements that increase their security, the signatures obtained from them are the so-called advanced or trusted signatures.

To know more about certificate types:

 

  • Remote qualified signing service. The Remote Signing service of EDICOM “EDICOM CRYPTO SERVER (ECS)” allows qualified signing with certificates archived in secure signature creation devices (SSCD) via a WebService interface on HTTPS.
  • Time stamping. Time stamping is an online mechanism that allows demonstrating that a series of data have existed and have not been altered from a specific point of time.

In the context of the application of the NOM151, the time stamp is a service provided by the EDICOM Certification Authority that represents an electronic record used to verify its reception at a given moment of date, hour, minute and second. Any subsequent changes to that date on the original document can be detected immediately. In this way, added to the requirements of integrity and origin guaranteed by the digital signature, are the verification of the moment in which they were certified.

  • Long-term electronic archiving. EDICOM offers specific services of long-term archiving of all elements that make up the record files (Documents, ASN.1 Retention Request, NOM151 Data Message Retention Record), preserving at all times the characteristics of authenticity and integrity and allowing consultation, display and verification of the archived documents at any time. This archiving service, known as EDICOMLta, also offers reports with the detail of the evidence that justifies the actions taken to ensure the integrity and authenticity of documents archived, offering the probative value of the records retained at the request of third parties.
  • Certificate Revocation Lists (CRL) are a directory which include the list of certificates no longer valid in the electronic signature processes. These lists are updated by the EDICOM Certification Services Provider every 24 hours at the most.

It is also possible to see the revocation status of the certificates with consultations to the EDICOM Validation Services by means of the OCSP protocol (Online Certificate Status Protocol). This protocol allows determining the status of a certificate without having to consult the complete list of the CRL.

Would you like to find out more?


Ask for information.

Tags

Cloud Computing B2B Cloud Platform EDI ASP-SaaS e-Invoicing GDSN VMI VAN OFTP2 AS2 Certification Authority Digital Signature Outsourcing SLA Software EDICOM Events Expert Chat SaaS-ASP Corporate Information GS1 CFDI PAC APP Associated Facturae Data Sync NOM151 partners EDICOM Retail public administrations Acreditations Web Portal EDI NF-e einvoicing Partner Web Portal SAP EDI Health Edicomdata CRP EBI ei Payroll Portal B2B EDICOMNet edi logistics SAFT-PT Ticket Portal Avaluos business@mail EDI Manufacturers CT-e NFS-e TSD epayrolls factura electronica edi automotive customer support center comprobante de pago CAE e-billing DTE e-awb comprobantes fiscales electrónicos nfc-e eaccounting contabilidad electronica CFE comprobante fiscal electronico compliance eAWB retenciones electronicas xml-cargo peppol edicom air iata e-cargo IVA Cargo-XML EDICOMAir SUNAT Perú SEE Business Mail Payrolls recibos de sueldo EDI Auto b2g eprocurement datapool panama sii PCRDD SII AEAT NHS edi academy comercio exterior EDICOM LTA sat paperless mmog OFTP EDI Web colombia CFDI Nóminas DIAN México SAF-T VAT DESADV ASN Fatture B2B Costa Rica Complemento pagos Chorus Pro moda interoperabilidad Cancelación suministro inmediato de información european union digitalización emisión electrónica openpeppol global einvoicing factura electrónica ecuador automotive industry United States and Mexico edicom sii norway VAT compliance tax administration air freight sector UNCTAD aviso de expedición Advanced Shipped Notice Despatch Advice data synchronization peppol network peppol standards peppol european union chile tendencias interoperability interconexión SINTEL Brasil interoperabilidade foreign trade e-procurement trends digitization digital transformation SaaS edicomsii MMOG/LE latam global einvociing cybersecurity EDI financeiro white paper factura electrónica colombia fintech fashion eIDAS e-archiving ebimap SME EDICOMLta e-commerce EDI financiero russia fattura b2b B2B e-Invoicing GDPR RTIR FACe FACeB2B portugal blockchain ItalyNSO

Follow us on

  • linkedin
  • rss