When integrating with PASI, software solutions will need to consider how their PASI certificates will be managed and secured within their solution.
The following questions should be considered when an integration solution establishes the processes and functionality used to manage PASI certificates.
PASI certificates are valid for 14 months. When a SIS’s PASI certificate expires, it will no longer be able to communicate with PASI. To avoid PASI connectivity interruptions, a new certificate must be requested and installed prior to the expiration of the current PASI certificate.
PASI recommends that a SIS have functionality that allows administration staff to view a SIS’s certificate details such as certificate expiry date. As well, when a certificate is approaching its expiration date, the SIS must provide advance notification to administration staff of the ‘soon to expire’ PASI certificate so action can be taken to request and install a new PASI certificate.
PASI recommends that when a SIS is no longer able to communicate with PASI, due to an expired certificate or any other reason, it must immediately notify administration staff so that action can be taken to resolve the issue.
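One way a SIS could implement the expiry view and notifications described above, as an added Go example that is not PASI's or any SIS vendor's code. The 60-day warning window, the names `CheckCert`, `SampleCert` and `WarnWindow`, and the self-signed Ed25519 sample certificate are assumptions constructed for illustration; only the 14-month validity period comes from this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const WarnWindow = 60 * 24 * time.Hour // assumed lead time; the page sets none

// CheckCert returns the state to show administration staff and whole days left.
func CheckCert(c *x509.Certificate, now time.Time) (state string, daysLeft int) {
	left := c.NotAfter.Sub(now)
	daysLeft = int(left.Hours() / 24)
	switch {
	case left <= 0:
		return "expired", daysLeft // connectivity is lost: notify immediately
	case left <= WarnWindow:
		return "expiring-soon", daysLeft // request and install a new certificate
	}
	return "valid", daysLeft
}

// SampleCert builds a constructed self-signed certificate valid 14 months from issued.
func SampleCert(issued time.Time) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: issued,
		NotAfter: issued.AddDate(0, 14, 0), Subject: pkix.Name{CommonName: "sis-constructed"}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, err := SampleCert(time.Now().AddDate(0, -13, 0)) // issued 13 months ago
	if err != nil {
		panic(err)
	}
	state, days := CheckCert(c, time.Now())
	fmt.Printf("%s: %s, %d days left, expires %s\n", c.Subject.CommonName, state, days, c.NotAfter.Format("2006-01-02"))
}
```

Running the check on a schedule, rather than only when staff open the certificate screen, is what turns the "expiring-soon" state into an advance notification.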
Certificates used for connection to PASI must be secured to ensure they can only be used by the SIS to access PASI data.
PASI requires that certificates be stored on a physically secured server with appropriate physical and logical access controls and auditing in place.