← Government of The Netherlands, PKIoverheid (Logius) cases
Bugzilla #1983267
Policy Compliance
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #7 – Change Management
RESOLVED
FIXED
Government of The Netherlands, PKIoverheid (Logius)
AI Summary
The incident report details a minor non-conformity identified during an annual ETSI audit regarding KPN's change management procedures. It was noted that established procedures were not consistently followed for system configuration changes, particularly concerning Ansible changes. KPN has since implemented an API connection to ensure that future changes are automatically recorded in their service management tooling. The remediation has been completed ahead of schedule, and KPN is committed to adhering to change management protocols moving forward.
Chronology
- Non-compliance identified by auditor
- Corrective Action Plan created
- Corrective Action Plan approved by auditor
- Remediation completed ahead of schedule
- Closure statement filed
Participants
pkioverheid@logius.nl
dhollenback@apple.com
incident-reporting@ccadb.org
External References
Similar Local Cases
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #15 – Outdated Software
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #2 – Compliance Management
PKIoverheid: KPN CPS lacks CPR problem reporting instructions
PKIoverheid: Missing Intermediate CA from audit statement
PKIoverheid: Compliance issues CIBG TLS certificates
PKIoverheid: No BR Audit for Intermediate CAs technically capable of issuing TLS certs
PKIoverheid: KPN CPS Lists Forbidden Domain Validation Method 3.2.2.4.6
TWCA: Missing or Inconsistent Disclosure of S/MIME BR Audits