Compliance around the world

Bringing digital trust through audits and accreditations, independently vetted to the highest international standards.

 

Compliance Accreditations

As a leader in encryption and trusted identity, DigiCert and their fully owned subsidiary QuoVadis maintain a suite of accreditations and independent audits. Protect your systems and users with the highest levels of assurance, including certification as a Qualified Trust Service Provider (TSP) under ETSI standards. 

DigiCert Global Accreditations

SOC 2 Type II

  • Trust Service Requirements: Detail operational effectiveness of systems to manage customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality, and privacy.
  • Audit Description: Annual audits to ensure data is securely managed to protect the interests of organizations and clients.
  • Product/Platform: DNSTrust
  • Supervisory Authority: American Institute of Certified Public Accountants (AICPA)
  • Accreditation Body/Auditor: A-Lign (DNSME)
  • Geographical Applicability: Global

 

SOC 2 Type II / Type III

  • Trust Service Requirements: Detail operational effectiveness of systems to manage customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality, and privacy.
  • Audit Description: Annual audits to ensure data is securely managed to protect the interests of organizations and clients. SOC 2 replaces legacy SAS 70 reporting standard.
  • Product/Platform: CertCentral, DigiCert ONE, DigiCert PKI Platform 8
  • Supervisory Authority: American Institute of Certified Public Accountants (AICPA)
  • Accreditation Body/Auditor: BDO (DigiCert)
  • Geographical Applicability: Global

 

WebTrust Program for Certification Authorities (CAs)

  • Trust Service Requirements: Adequacy and effectiveness of controls deployed by a Certification Authority (CA). 
  • Audit Description: Annual audit performed on DigiCert's key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert public and managed PKI CA services.
  • Product/Platform: CertCentral, DigiCert ONE, DigiCert PKI Platform 8, MPKI 7 (Japan)
  • Supervisory Authority: Chartered Professional Accountants of Canada (CPA Canada).
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Global

 

WebTrust for Baseline Requirements

  • Trust Service Requirements: CA/B Forum “Baseline Requirements for the Issuance and Management of Publicly Trusted Certificates.”
  • Audit Description: Annual audit performed on DigiCert’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert public and managed PKI CA services.
  • Product/Platform: CertCentral, DigiCert PKI Platform 8 (for S/MIME in 2024)
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Global

 

WebTrust for Extended Validation

  • Trust Service Requirements: CA/B Forum “Guidelines for the Issuance and Management of EV Certificates.”
  • Audit Description: Annual audit performed on DigiCert’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert public and managed PKI CA services.
  • Product/Platform: CertCentral
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Global

 

WebTrust for Code Signing

  • Trust Service Requirements: Code Signing Working Group’s Minimum Requirements for the Issuance and Management of Publicly Trusted Code Signing Certificates.
  • Audit Description: Annual audit performed on DigiCert’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert public and managed PKI CA services.
  • Product/Platform: DigiCert ONE Software Trust Manager (STM)
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Global

 

WebTrust for VMC
  • Trust Service Requirements: Based on the Minimum Security Requirements for the Issuance of Verified Mark Certificates.
  • Audit Description: Annual audit performed on DigiCert’s issuance of Verified Mark Certificates.
  • Product/Platform: CertCentral
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Global

 

WebTrust for AATL

  • Trust Service Requirements: Adobe Approved Trust List program, which verifies digital signatures in PDF documents that can be traced back to high-assurance, trustworthy certificates trusted by Acrobat and Reader.
  • Audit Description: Annual audit performed on DigiCert’s issuance of Qualified Certificates.
  • Product/Platform: CertCentral, DigiCert PKI Platform 8
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO

 

WebTrust for Matter

  • Trust Service Requirements: Adequacy and effectiveness of controls deployed by a Certification Authority (CA).
  • Audit Description: Annual audit performed on DigiCert’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert private and matter PKI CA services.
  • Product/Platform: DigiCert ONE IoT Trust Manager (IoT)
  • Supervisory Authority: Chartered Professional Accountants of Canada (CPA Canada)
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Global

 

US Accreditations

Federal PKI Policy Authority

  • Trust Service Requirements: NIST SP800-53, which specifies security controls for information systems supporting the executive agencies of the U.S. federal government. Adherence to Common Policy.
  • Audit Description: Annual audit of services, procedures, and practices as part of the identity federation agreement with the U.S. Government to provide services.
  • Product/Platform: DigiCert Direct
  • Supervisory Authority: Federal Public Key Infrastructure Policy Authority (FPKIPA)
  • Accreditation Body/Auditor: Federal Public Key Infrastructure Policy Authority (FPKIPA)
  • Geographical Applicability: United States

 

DirectTrust™ Accreditation Program for Certificate Authorities (CAs)

  • Trust Service Requirements: Direct Standard™ and requirements of the DirectTrust Security and Trust framework.
  • Audit Description: Biennial audit of CA services against a series of technical, physical, and operational criteria.
  • Product/Platform: DigiCert Direct
  • Supervisory Authority: DirectTrust
  • Accreditation Body/Auditor: DirectTrust
  • Geographical Applicability: United States

 

DirectTrust™ Accreditation Program for Registration Authorities (RAs)

  • Trust Service Requirements: Direct Standard™ and requirements of the DirectTrust Security and Trust framework.
  • Audit Description: Biennial audit of RA services against a series of technical, physical, and operational criteria.
  • Product/Platform: DigiCert Direct
  • Supervisory Authority: DirectTrust
  • Accreditation Body/Auditor: DirectTrust
  • Geographical Applicability: United States

 

WebTrust for Certipath

  • Trust Service Requirements: Adequacy and effectiveness of controls deployed by a Certification Authority (CA).
  • Audit Description: Annual audits performed on Certipath’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting Certipath public and managed PKI CA services.
  • Product/Platform: DigiCert PKI Platform 8
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Americas

 

WebTrust for DirectTrust

  • Trust Service Requirements: Adequacy and effectiveness of physical controls deployed by a Certification Authority (CA).
  • Audit Description: Annual audit performed on DigiCert’s physical management of DirectTrust CA services.
  • Product/Platform: DigiCert Direct
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Americas

 

Asia Pacific Accreditations

ISAE 3402
  • Trust Service Requirements: ISAE 3402, an international assurance standard that describes Service Organization Control (SOC) engagements, which provides assurance to an organization's customer that the service organization has adequate internal controls.
  • Audit Description: Annual audit on internal controls over financial reporting.
  • Product/Platform: DigiCert ONE Trust Lifecycle Manager (TLM) (Japan), MPKI 7 (Japan)
  • Supervisory Authority: International Auditing and Assurance Standards Board (IAASB), International Federation of Accountants (IFAC)
  • Accreditation Body/Auditor: BDO Sanyu
  • Geographical Applicability: Japan

 

ISO 27001
  • Trust Service Requirements: Compliance with ISO 27001 Information Security Management Systems Requirements Specification (formerly known as BS7799-2)
  • Audit Description: Annual audit to evaluate how securely an organization manages and stores its information and data in our Japan Data Center.
  • Product/Platform: DigiCert ONE Trust Lifecycle Manager (TLM) (Japan), MPKI 7 (Japan)
  • Supervisory Authority: International Organization for Standardization
  • Accreditation Body/Auditor: BDO Sanyu
  • Geographical Applicability: Japan

 

Gatekeeper Public Key Infrastructure Framework
  • Trust Service Requirements: Digital ID Policy Branch, Gatekeeper PKI Framework v3.1 (research)
  • Audit Description: Annual audit that covers protective security governance, personnel security, information security and physical security.
  • Product/Platform: Gatekeeper (product), MPKI 7 system 
  • Supervisory Authority: Australian Government Department of Finance 
  • Accreditation Body/Auditor: Sekuro
  • Geographical Applicability: Australia 

 

European Accreditations

ZertES Qualified Certification Services Provider
  • Trust Service Requirements: Swiss Law and ETSI standards for Qualified Certification Service Providers (CSP) and Time Stamping Authorities.
  • Audit Description: Annual audit of QuoVadis Trustlink Schweiz AG to ensure conformity with the requirements for Qualified and Regulated Certificates and Qualified Time-Stamps.
  • Product/Platform: TrustLink (QuoVadis legacy), CertCentral/DigiCert ONE
  • Supervisory Authority: Swiss Accreditation Service (SAS), Bundesamt für Kommunikation (BAKOM)
  • Accreditation Body/Auditor: KPMG
  • Geographical Applicability: Switzerland

 

Netherlands Qualified Trust Services Provider 
  • Trust Service Requirements: ETSI EN 319 411-1, ETSI EN 319 411-2, Regulation (EU) nº 910/2014
  • Audit Description: Annual audit of QuoVadis Trustlink Netherlands BV for accreditation to be a Qualified Trust Services Provider (QTSP), to issue Qualified Certificates for Electronic Signature, Electronic Seal, Website Authentication and Qualified Time-Stamps.
  • Product/Platform: TrustLink (QuoVadis legacy), CertCentral/DigiCert ONE
  • Supervisory Authority: RDI
  • Accreditation Body/Auditor: BSI (QuoVadis legacy), TayllorCox (DigiCert Europe)
  • Geographical Applicability: Netherlands – but applies across the European Union.

 

Trust Service Provider (TSP) for PKIoverheid
  • Trust Service Requirements: ETSI EN 319 411-1, ETSI EN 319 411-2, PKIoverheid Program of Requirements standards to issue Qualified Certificates for Electronic Signature, Electronic Seal and Website Authentication under the Staat der Nederlanden Root.
  • Audit Description: Annual audit to maintain accreditation as a TSP for the Dutch government.
  • Product/Platform: TrustLink (QuoVadis legacy), CertCentral/DigiCert ONE
  • Supervisory Authority: Logius Policy Management Authority for PKIoverheid
  • Accreditation Body/Auditor: BSI (QuoVadis legacy), TayllorCox (DigiCert Europe)
  • Geographical Applicability: Netherlands

 

Belgium Qualified Trust Services Provider
  • Trust Service Requirements: ETSI EN 319 411-1, ETSI EN 319 411-2, Regulation (EU) nº 910/2014
  • Audit Description: Annual audit of DigiCert Europe Belgium BV for accreditation to be a Qualified Trust Services Provider (QTSP), to issue Qualified Certificates for Electronic Signature and Electronic Seal.
  • Product/Platform: TrustLink (QuoVadis legacy), CertCentral/DigiCert ONE
  • Supervisory Authority: Belgian FPS Economy - Quality and Safety
  • Accreditation Body/Auditor: BSI (QuoVadis legacy), TayllorCox (DigiCert Europe)
  • Geographical Applicability: Belgium – but applies across the European Union.

DigiCert+QuoVadis Accreditations

WebTrust Program for Certification Authorities (CAs)

  • Trust Service Requirements: Adequacy and effectiveness of controls deployed by a Certification Authority (CA).
  • Audit Description: Annual audit performed on DigiCert’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert public and managed PKI CA services.
  • Product/Platform: TrustLink (QuoVadis legacy)
  • Supervisory Authority: Chartered Professional Accountants of Canada (CPA Canada)
  • Accreditation Body/Auditor: Ernst & Young (EY)
  • Geographical Applicability: Global

 

WebTrust for Baseline Requirements

  • Trust Service Requirements: CA/B Forum "Baseline Requirements for the Issuance and Management of Publicly Trusted Certificates."
  • Audit Description: Annual audit performed on DigiCert’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert public and managed PKI CA services.
  • Product/Platform: TrustLink (QuoVadis legacy)
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: EY
  • Geographical Applicability: Global

 

WebTrust for Extended Validation

  • Trust Service Requirements: CA/B Forum “Guidelines for the Issuance and Management of EV Certificates.”
  • Audit Description: Annual audit performed on DigiCert’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert public and managed PKI CA services.
  • Product/Platform: TrustLink (QuoVadis legacy)
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: EY
  • Geographical Applicability: Global

 

WebTrust for Code Signing

  • Trust Service Requirements: Code Signing Working Group’s Minimum Requirements for the Issuance and Management of Publicly Trusted Code Signing Certificates.
  • Audit Description: Annual audit performed on DigiCert’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert public and managed PKI CA services.
  • Product/Platform: TrustLink (QuoVadis legacy)
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: EY
  • Geographical Applicability: Global

 

WebTrust for S/MIME

  • Trust Service Requirements: CA/B Forum “Guidelines for the Issuance and Management of S/MIME Certificates.”
  • Audit Description: Annual audit performed on DigiCert’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert public and managed PKI CA services.
  • Product/Platform: CertCentral (EU), TrustLink (QuoVadis legacy)
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: EY
  • Geographical Applicability: Global