Initial preparations
Before you can start integrating with the Signicat solution for DigiD CombiConnect, your organisation needs to complete a series of preparatory steps, such as signing agreements, obtaining certificates, and understanding and preparing for the security and audit requirements.
Note that the application process requires communication between your organisation and Logius, the provider of DigiD CombiConnect, and also between your organisation and Signicat's onboarding team.
It is important to note that you must first integrate in a pre-production/test environment that you share with Logius for review. Then, after you have received approval on your pre-production setup, you may start integrating with DigiD CombiConnect in a production environment.
This page contains information about the onboarding steps you need to follow ahead of implementing DigiD CombiConnect in your application.
Overview
1. Sign agreements with Signicat
To get started with onboarding, you need to sign contractual agreements with us. These are necessary to grant you access to our services. In particular, you need to sign:
- An agreement contract
- A data processing agreement (DPA) (signed by a legal representative)
When you are ready, contact one of our digital experts:
Note that integration with DigiD CombiConnect is restricted to organisations offering services in the public domain such as the government, educational institutes, healthcare institutions or pension funds.
2. Comply with Logius requirements
Note that your organisation must comply with the mandatory security and infrastructure requirements of Logius. In particular, your connection needs to meet the criteria specified in:
Assessment and audit
Your DigiD CombiConnect connection must undergo an official assessment by an external and certified DigiD auditor within two months after it is live in production. Your organisation should arrange the audit during the integration process.
Note that organisations connected to DigiD CombiConnect must also undergo annual ICT security assessments. You can find more information in the ICT security assessments page on the Logius website.
The Signicat integration of DigiD CombiConnect undergoes a yearly assessment where we supply our DigiD Generieke Rapporten voor de Serviceorganisatie (RSO, formerly TPM) certificate to our service providers. You should use the Signicat RSO certificate in your audit with Logius.
3. Register with RvIG
Registration with the Dutch governmental organisation Rijksdienst voor Identiteitsgegevens (RvIG) is required when organisations plan on processing a person's BSN attribute.
As part of the assessment, RvIG checks whether your organisation qualifies to request a person's BSN during authentication.
You can find the application form for BSN eligibility in the Aanvraagformulier Toetsing BSN-gerechtigdheid.