1. QuoVadis Group Overview for EUGridPMA

2. Snapshot Trust/Link certificate services for the global enterprise –Digital certificates including End User, Qualified, SSL (including Extended Validation) etc. –Managed PKI (dedicated or shared) –Digital signatures and related technologies Offices in Switzerland, UK, Holland, Bermuda, and New Zealand Focus on acceptance by relying parties –Audits and accreditations –Wide distribution of roots in OS and Browsers

3. Root Distribution Browsers Microsoft Internet Explorer 5.0+ (including Maxthon and others) Mozilla Firefox 1.02+ (including Camino, Fennec, and Sea Monkey) Opera 9.26+ (including Opera Mini) Safari 1.0+ (including mobile Safari) Google Chrome Konqueror and K-Meleon Operating Systems Microsoft Windows XP+ Apple OS/X+ RIM Blackberry 4+ KDE Email Clients Apple Mail.app Eudora Microsoft Entourage Microsoft Outlook Microsoft Outlook Express Mozilla Thunderbird Mozilla Sea Monkey RIM Blackberry Mail (part of Core Applications) Other Microsoft Office Open Office Wide array of OSS applications that use the Mozilla Network Security Services (NSS) libraries 3.9+

4. QuoVadis Services Managed PKI Digital certificates, including Qualified and Advanced certificates, as well as various functional certificates for compliance in Switzerland, Netherlands, UK, and Bermuda. We also provide SSL including the new Extended Validation SSL. Outsourced certification authorities (CA) that can be tailored to the particular needs of a client or community. Rapid-deployment Trust/Link registration authority (RA) web portals for easy issuance for both End User and SSL certificates. Signing Services Trusted time-stamping to reinforce data integrity and non-repudiation in the tracking, storage/archive, or submission of electronic records. Digital signing tools (both client and server side). Root Services Root CA hosting for organisations wishing to set up their own trust anchors. Root CA signing enhances the trust and recognition of customers’ in-house CAs. Our PKI professional services team is skilled in PKI policy, technologies, and integration into customer environments.

5. Summary of our Audits and Accreditations The accreditations maintained by QuoVadis include: –WebTrust for Certification Authorities –WebTrust for Extended Validation –Swiss Qualified Certification Services Provider –Netherlands Qualified Certification Services Provider –Bermuda Authorised Certification Services Provider

6. WebTrust for Certification Authorities WebTrust for CAs is the dominant commercial standard to assess CAs Managed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). The annual WebTrust audit of QuoVadis is performed by Ernst & Young. To obtain and retain the WebTrust seal, the CA must meet all the WebTrust for CAs Principles and Criteria. The following areas are included in the scope of every WebTrust engagement 1.CA Business Practices Disclosure 2.Service Integrity 3.CA Environmental Controls

7. WebTrust for Certification Authorities 1.CA Business Practices Disclosure 2.Service Integrity 3.CA Environmental Controls

8. WebTrust for Extended Validation WebTrust for Extended Validation (EV) is used to assess a CA’s controls against the CA/B Forum “Guidelines for the Issuance and Management of EV Certificates”. Only suitably accredited CAs may issue EV SSL certificates. The annual WebTrust for EV audit of QuoVadis is performed by Ernst & Young. The audit tests whether QuoVadis has maintained effective controls to provide reasonable assurance that: –EV Subscriber information was properly collected, authenticated (for the registration activities performed by QuoVadis) and verified, and –The integrity of keys and EV certificates QuoVadis manages is established and protected throughout their lifecycles.

9. Swiss Qualified Certification Services Provider ZertES is the Swiss digital signature law. ZertES accreditation is granted by the Swiss Accreditation Service (SAS) and the Swiss Federal Office of Communications (BAKOM) based on an audit by KPMG QuoVadis are audited against the requirements of Swiss law and on ETSI standards for Qualified Certification Service Providers and Time Stamping Authorities. The following areas are included in the scope of the audit: –The Certification Service Provider (CSP) requirements of ZertES and the accompanying VZertES regulatory provisions –Requirements for Time Stamping Authorities (TSA) based on ETSI TS 102.023 and ETSI TS 101.861 –Requirements for Qualified Electronic Signatures according to ETSI TS 101.456, ETSI TS 101.862 and SR943.032.1

10. Netherlands Qualified Certification Services Provider QuoVadis is certified by BSI for compliance with the TTP.NL Scheme for Certification Authorities. The TTP.NL initiative is based on the European Directive for electronic signatures and the European standard ETSI TS 101 456. This annual audit is performed by KPMG for BSI. Bermuda Authorised Certification Services Provider The Bermuda Authorised Certification Services Provider accreditation is granted by the Ministry of Energy, Telecommunications and E-Commerce. The CSP standard includes elements of ISO 17799 (Code of Practice for Information Security Management), EESSI (European Electronic Signature Standardisation Initiative), and WebTrust for CAs. The Accreditation is based on an external review defined in the Bermuda Electronic Transactions Act. This review was performed by Ernst & Young. This Accreditation requires biennial certification by the Government.

11. QuoVadis Secure Data Centre - Bermuda The QuoVadis Secure Data Centre in Bermuda is a Lampertz SYS-DATA IT Security room that meets a number of international standards. The data centre is a “stand alone” security room with a modular construction with tested wall, ceiling and floor elements. The room is designed to offer protection against fire, humidity, magnetic influences, unauthorized access, explosions, falling debris and radiation. The data centre meets a number of international standards, including: –BS/EN1047-2:2000 - the British Standard relating to data centres. The standard includes classification and methods of test for resistance to fire. –Fire protection – meets DIN 4102 F90 fire protection standard (withstand a fire lasting 90 minutes from inside and outside) –Smoke Proof – meets the DIN 18095 smoke protection standard –Tightness against water and dust – meets the IP55 EN 60529 standard relating to the sealing against intrusion from foreign bodies –Burglar protection – the door system meets the DIN 18103 standard (ET2)