׶Ƶ

Audit Compliance Hero

COMPLIANCE AROUND THE WORLD

Bringing digital trust through audits and accreditations, independently vetted to the highest international standards.

Compliance Accreditations

As a leader in encryption and trusted identity, ׶Ƶ and their fully owned subsidiary QuoVadis maintain a suite of accreditations and independent audits. Protect your systems and users with the highest levels of assurance, including certification as a Qualified Trust Service Provider (TSP) under ETSI standards.

Audit Compliance Blade

׶Ƶ Global Accreditations

SOC 2 Type II
  • Trust Service Requirements: Detail operational effectiveness of systems to manage customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality, and privacy.
  • Audit Description: Annual audits to ensure data is securely managed to protect the interests of organizations and clients.
  • Product/Platform: DNSTrust
  • Supervisory Authority: American Institute of Certified Public Accountants (AICPA)
  • Accreditation Body/Auditor: A-Lign (DNSME)
  • Geographical Applicability: Global

Certification Image 1
SOC 2 Type II / Type III
  • Trust Service Requirements: Detail operational effectiveness of systems to manage customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality, and privacy.
  • Audit Description: Annual audits to ensure data is securely managed to protect the interests of organizations and clients. SOC 2 replaces legacy SAS 70 reporting standard.
  • Product/Platform: CertCentral, ׶Ƶ ONE, ׶Ƶ PKI Platform 8
  • Supervisory Authority: American Institute of Certified Public Accountants (AICPA)
  • Accreditation Body/Auditor: BDO (׶Ƶ)
  • Geographical Applicability: Global

WebTrust Program for Certification Authorities (CAs)
  • Trust Service Requirements: Adequacy and effectiveness of controls deployed by a Certification Authority (CA).
  • Audit Description: Annual audit performed on ׶Ƶ's key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting ׶Ƶ public and managed PKI CA services.
  • Product/Platform:CertCentral, ׶Ƶ ONE, ׶Ƶ PKI Platform 8, MPKI 7 (Japan)
  • Supervisory Authority: Chartered Professional Accountants of Canada (CPA Canada).
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Global

WebTrust for Baseline Requirements
  • Trust Service Requirements: CA/B Forum “Baseline Requirements for the Issuance and Management of Publicly Trusted Certificates.”
  • Audit Description: Annual audit performed on ׶Ƶ’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting ׶Ƶ public and managed PKI CA services.
  • Product/Platform: CertCentral, ׶Ƶ PKI Platform 8 (for S/MIME in 2024)
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Global

WebTrust for Extended Validation
  • Trust Service Requirements: CA/B Forum “Guidelines for the Issuance and Management of EV Certificates.”
  • Audit Description: Annual audit performed on ׶Ƶ’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting ׶Ƶ public and managed PKI CA services.
  • Product/Platform: CertCentral
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Global

WebTrust for Code Signing
  • Trust Service Requirements: Code Signing Working Group’s Minimum Requirements for the Issuance and Management of Publicly Trusted Code Signing Certificates.
  • Audit Description: Annual audit performed on ׶Ƶ’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting ׶Ƶ public and managed PKI CA services.
  • Product/Platform: ׶Ƶ ONE Software Trust Manager (STM)
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Global

WebTrust for VMC
  • Trust Service Requirements: Based on the Minimum Security Requirements for the Issuance of Verified Mark Certificates.
  • Audit Description: Annual audit performed on ׶Ƶ’s issuance of Verified Mark Certificates.
  • Product/Platform: CertCentral
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Global

Certification Image 7
WebTrust for AATL
  • Trust Service Requirements: Adobe Approved Trust List program, which verifies digital signatures in PDF documents that can be traced back to high-assurance, trustworthy certificates trusted by Acrobat and Reader.
  • Audit Description: Annual audit performed on ׶Ƶ’s issuance of Qualified Certificates.
  • Product/Platform: CertCentral, ׶Ƶ PKI Platform 8
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO

Certification Image 8
WebTrust for Matter
  • Trust Service Requirements: Adequacy and effectiveness of controls deployed by a Certification Authority (CA).
  • Audit Description: Annual audit performed on ׶Ƶ’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting ׶Ƶ private and matter PKI CA services.
  • Product/Platform: ׶Ƶ ONE IoT Trust Manager (IoT)
  • Supervisory Authority: Chartered Professional Accountants of Canada (CPA Canada)
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Global

US Accreditations

Federal PKI Policy Authority
  • Trust Service Requirements: NIST SP800-53, which specifies security controls for information systems supporting the executive agencies of the U.S. federal government. Adherence to Common Policy.
  • Audit Description: Annual audit of services, procedures, and practices as part of the identity federation agreement with the U.S. Government to provide services.
  • Product/Platform: ׶Ƶ Direct
  • Supervisory Authority: Federal Public Key Infrastructure Policy Authority (FPKIPA)
  • Accreditation Body/Auditor: Federal Public Key Infrastructure Policy Authority (FPKIPA)
  • Geographical Applicability: United States

DirectTrust™ Accreditation Program for Certificate Authorities (CAs)
  • Trust Service Requirements: Direct Standard™ and requirements of the DirectTrust Security and Trust framework.
  • Audit Description: Biennial audit of CA services against a series of technical, physical, and operational criteria.
  • Product/Platform:׶Ƶ Direct
  • Supervisory Authority: DirectTrust
  • Accreditation Body/Auditor: DirectTrust
  • Geographical Applicability: United States

DirectTrust™ Accreditation Program for Registration Authorities (RAs)
  • Trust Service Requirements: DirectStandard™ and requirements of the DirectTrust Security and Trust framework.
  • Audit Description: Biennial audit of RA services against a series of technical, physical, and operational criteria.
  • Product/Platform:׶Ƶ Direct
  • Supervisory Authority: DirectTrust
  • Accreditation Body/Auditor: DirectTrust
  • Geographical Applicability: United States

Certification Image 11
WebTrust for Certipath
  • Trust Service Requirements: Adequacy and effectiveness of controls deployed by a Certification Authority (CA).
  • Audit Description:Annual audits performed on Certipath’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting Certipath public and managed PKI CA services.
  • Product/Platform: ׶Ƶ PKI Platform 8
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Americas

Certification Image 12
WebTrust for DirectTrust
  • Trust Service Requirements: Adequacy and effectiveness of physical controls deployed by a Certification Authority (CA).
  • Audit Description: Annual audit performed on ׶Ƶ’s physical management of DirectTrust CA services.
  • Product/Platform: ׶Ƶ Direct
  • Supervisory Authority: CPA Canada
  • Accreditation Body/Auditor: BDO
  • Geographical Applicability: Americas

Asia Pacific Accreditations

Certification Image 13
ISAE 3402
  • Trust Service Requirements: ISAE 3402, an international assurance standard that describes Service Organization Control (SOC) engagements, which provides assurance to an organization's customer that the service organization has adequate internal controls.
  • Audit Description: Annual audit on internal controls over financial reporting.
  • Product/Platform: ׶Ƶ ONE Trust Lifecycle Manager (TLM) (Japan), MPKI 7 (Japan)
  • Supervisory Authority: International Auditing and Assurance Standards Board (IAASB), International Federation of Accountants (IFAC)
  • Accreditation Body/Auditor: BDO Sanyu
  • Geographical Applicability: Japan

ISO 27001
  • Trust Service Requirements: Compliance with ISO 27001 Information Security Management Systems Requirements Specification (formerly known as BS7799-2)
  • Audit Description: Annual audit to evaluate how securely an organization manages and stores its information and data in our Japan Data Center.
  • Product/Platform: ׶Ƶ ONE Trust Lifecycle Manager (TLM) (Japan), MPKI 7 (Japan)
  • Supervisory Authority: International Organization for Standardization
  • Accreditation Body/Auditor: BDO Sanyu
  • Geographical Applicability: Japan

Gatekeeper Public Key Infrastructure Framework
  • Trust Service Requirements:Digital ID Policy Branch, Gatekeeper PKI Framework v3.1 (research)
  • Audit Description: Annual audit that cover protective security governance, personnel security, information security and physical security.
  • Product/Platform:Gatekeeper (product), MPKI 7 system
  • SupervisoryAuthority: Australian Government Department of Finance
  • AccreditationBody/Auditor: Sekuro
  • GeographicalApplicability: Australia

European Accreditations

Certification Image 16
ZertES Qualified Certification Services Provider
  • Trust Service Requirements: Swiss Law and ETSI standards for Qualified Certification Service Providers (CSP) and Time Stamping Authorities.
  • Audit Description: Annual audit of QuoVadis Trustlink Schweiz AG to ensure conformity with the requirements for Qualified and Regulated Certificates and Qualified Time-Stamps.
  • Product/Platform: TrustLink (QuoVadis legacy), CertCentral/׶Ƶ ONE
  • Supervisory Authority: Swiss Accreditation Service (SAS), Bundesamt für Kommunikation (BAKOM)
  • Accreditation Body/Auditor: KPMG
  • Geographical Applicability: Switzerland

Certification Image 17
Netherlands Qualified Trust Services Provider
  • Trust Service Requirements: ETSI EN 319 411-1, ETSI EN 319 411-2, Regulation (EU) nº 910/2014
  • Audit Description: Annual audit of QuoVadis Trustlink Netherlands BV for accreditation to be a Qualified Trust Services Provider (QTSP), to issue Qualified Certificates for Electronic Signature, Electronic Seal, Website Authentication and Qualified Time-Stamps.
  • Product/Platform: TrustLink (QuoVadis legacy), CertCentral/׶Ƶ ONE
  • Supervisory Authority: RDI
  • Accreditation Body/Auditor: BSI (QuoVadis legacy), TayllorCox (׶Ƶ Europe)
  • Geographical Applicability: Netherlands – but applies across the European Union.

Trust Service Provider (TSP) for PKIoverheid
  • Trust Service Requirements: ETSI EN 319 411-1, ETSI EN 319 411-2, PKIoverheid Program of Requirements standards to issue Qualified Certificates for Electronic Signature, Electronic Seal and Website Authentication under the Staat der Nederlanden Root.
  • Audit Description: Annual audit to maintain accreditation as a TSP for the Dutch government.
  • Product/Platform: TrustLink (QuoVadis legacy), CertCentral/׶Ƶ ONE
  • Supervisory Authority: Logius Policy Management Authority for PKIoverheid
  • Accreditation Body/Auditor: BSI (QuoVadis legacy), TayllorCox (׶Ƶ Europe)
  • Geographical Applicability: Netherlands

Certification Image 19
Belgium Qualified Trust Services Provider
  • Trust Service Requirements: ETSI EN 319 411-1, ETSI EN 319 411-2, Regulation (EU) nº 910/2014
  • Audit Description: Annual audit of ׶Ƶ Europe Belgium BV for accreditation to be a Qualified Trust Services Provider (QTSP), to issue Qualified Certificates for Electronic Signature and Electronic Seal.
  • Product/Platform: TrustLink (QuoVadis legacy), CertCentral/׶Ƶ ONE
  • Supervisory Authority: Belgian FPS Economy - Quality and Safety
  • Accreditation Body/Auditor: BSI (QuoVadis legacy), TayllorCox (׶Ƶ Europe)
  • Geographical Applicability: Belgium – but applies across the European Union.

׶Ƶ+QuoVadis Accreditations

WebTrust Program for Certification Authorities (CAs)
  • Trust Service Requirements: Adequacy and effectiveness of controls deployed by a Certification Authority (CA).
  • Audit Description: Annual audit performed on ׶Ƶ’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting ׶Ƶ public and managed PKI CA services.
  • Product/Platform: TrustLink (QuoVadis legacy)
  • Supervisory Authority: Chartered Professional Accountants of Canada (CPA Canada)
  • Accreditation Body/Auditor: Ernst & Young (EY)
  • Geographical Applicability: Global

WebTrust for Baseline Requirements
  • TrustServiceRequirements: CA/B Forum "Baseline Requirements for the Issuance and Management of Publicly Trusted Certificates."
  • AuditDescription: Annual audit performed on ׶Ƶ’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting ׶Ƶ public and managed PKI CA services.
  • Product/Platform:TrustLink (QuoVadis legacy)
  • SupervisoryAuthority: CPA Canada
  • AccreditationBody/Auditor: EY
  • GeographicalApplicability: Global

WebTrust for Extended Validation
  • Trust Service Requirements: CA/B Forum “Guidelines for the Issuance and Management of EV Certificates.”
  • Audit Description: Annual audit performed on ׶Ƶ’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting ׶Ƶ public and managed PKI CA services.
  • Product/Platform:TrustLink (QuoVadis legacy)
  • SupervisoryAuthority: CPA Canada
  • AccreditationBody/Auditor: EY
  • GeographicalApplicability: Global

WebTrust for Code Signing
  • Trust Service Requirements: Code Signing Working Group’s Minimum Requirements for the Issuance and Management of Publicly Trusted Code Signing Certificates.
  • Audit Description: Annual audit performed on ׶Ƶ’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting ׶Ƶ public and managed PKI CA services.
  • Product/Platform:TrustLink (QuoVadis legacy)
  • SupervisoryAuthority: CPA Canada
  • AccreditationBody/Auditor: EY
  • GeographicalApplicability: Global

WebTrust for S/MIME
  • Trust Service Requirements: CA/B Forum “Guidelines for the Issuance and Management of S/MIME Certificates.”
  • Audit Description:Annual audit performed on ׶Ƶ’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting ׶Ƶ public and managed PKI CA services.
  • Product/Platform: CertCentral (EU), TrustLink (QuoVadis legacy)
  • SupervisoryAuthority: CPA Canada
  • AccreditationBody/Auditor: EY
  • GeographicalApplicability: Global