(1) The working method and practice of the certifying body must be in accordance with the prevailing law.
(2) The certifying body shall perform its work in such a manner as to fully guarantee the security, reliability and confidentiality of digital signatures, information and other matters.
(3) The information technology and security guidelines used by the certifying body shall be as issued by the Government of Nepal on the recommendation of the Controller.
(4) The information technology and security policy used by the certifying body shall be based on the security guidelines issued in accordance with sub-rule (3).