Contact us
Language
Back

CHOOSE YOUR LANGUAGE
- English
- Español
- Dutch
- Deutsch
- Français
- Italiano
- Chinese (Simplified)
- Chinese (Traditional)
- Japanese
- Korean
- Português

COMPLIANCE AROUND THE WORLD

Bringing digital trust through audits and accreditations, independently vetted to the highest international standards.

LEARN MORE

DigiCert Global

Asia Paciﬁc

Europe

DigiCert+QuoVadis Global

COMPLIANCE CERTIFICATIONS

As a leader in encryption and trusted identity, DigiCert and their fully owned subsidiary QuoVadis maintain a suite of accreditations and independent audits. Protect your systems and users with the highest levels of assurance, including certification as a Qualified Trust Service Provider (TSP) under ETSI standards.

DigiCert Global Certifications

SOC 2 Type II / Type III

Trust Service Requirements: Detail operational effectiveness of systems to manage customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality, and privacy.
Audit Description: Annual audits to ensure data is securely managed to protect the interests of organizations and clients. SOC 2 replaces legacy SAS 70 reporting standard.
Product/Platform: CertCentral, DigiCert ONE, DigiCert PKI Platform 8, DNSTrust
Supervisory Authority: American Institute of Certified Public Accountants (AICPA)
Accreditation Body/Auditor: BDO (DigiCert), A-Lign (DNSME)
Geographical Applicability: Global

WebTrust Program for Certification Authorities (CAs)

Trust Service Requirements: Adequacy and effectiveness of controls deployed by a Certification Authority (CA).
Audit Description: Annual audit performed on DigiCert's key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert public and managed PKI CA services.
Product/Platform: CertCentral, DigiCert ONE, DigiCert PKI Platform 8, MPKI 7 (Japan)
Supervisory Authority: Chartered Professional Accountants of Canada (CPA Canada).
Accreditation Body/Auditor: BDO
Geographical Applicability: Global

WebTrust for Baseline Requirements

Trust Service Requirements: CA/B Forum “Baseline Requirements for the Issuance and Management of Publicly Trusted Certificates.”
Audit Description: Annual audit performed on DigiCert’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert public and managed PKI CA services.
Product/Platform: CertCentral, DigiCert PKI Platform 8 (for S/MIME in 2024)
Supervisory Authority: CPA Canada
Accreditation Body/Auditor: BDO
Geographical Applicability: Global

WebTrust for Extended Validation

Trust Service Requirements: CA/B Forum “Guidelines for the Issuance and Management of EV Certificates.”
Audit Description: Annual audit performed on DigiCert’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert public and managed PKI CA services.
Product/Platform: CertCentral
Supervisory Authority: CPA Canada
Accreditation Body/Auditor: BDO
Geographical Applicability: Global

WebTrust for Code Signing

Trust Service Requirements: Code Signing Working Group’s Minimum Requirements for the Issuance and Management of Publicly Trusted Code Signing Certificates.
Audit Description: Annual audit performed on DigiCert’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert public and managed PKI CA services.
Product/Platform: DigiCert ONE Software Trust Manager (STM)
Supervisory Authority: CPA Canada
Accreditation Body/Auditor: BDO
Geographical Applicability: Global

WebTrust for VMC

Trust Service Requirements: Based on the Minimum Security Requirements for the Issuance of Verified Mark Certificates.
Audit Description: Annual audit performed on DigiCert’s issuance of Verified Mark Certificates.
Product/Platform: CertCentral
Supervisory Authority: CPA Canada
Accreditation Body/Auditor: BDO
Geographical Applicability: Global

WebTrust for AATL

Trust Service Requirements: Adobe Approved Trust List program, which verifies digital signatures in PDF documents that can be traced back to high-assurance, trustworthy certificates trusted by Acrobat and Reader.
Audit Description: Annual audit performed on DigiCert’s issuance of Qualified Certificates.
Product/Platform: CertCentral, DigiCert PKI Platform 8
Supervisory Authority: CPA Canada
Accreditation Body/Auditor: BDO

WebTrust for Matter

Trust Service Requirements: Adequacy and effectiveness of controls deployed by a Certification Authority (CA).
Audit Description: Annual audit performed on DigiCert’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting DigiCert private and matter PKI CA services.
Product/Platform: DigiCert ONE IoT Trust Manager (IoT)
Supervisory Authority: Chartered Professional Accountants of Canada (CPA Canada)
Accreditation Body/Auditor: BDO
Geographical Applicability: Global

US Certifications

Federal PKI Policy Authority

Trust Service Requirements: NIST SP800-53, which specifies security controls for information systems supporting the executive agencies of the U.S. federal government. Adherence to Common Policy.
Audit Description: Annual audit of services, procedures, and practices as part of the identity federation agreement with the U.S. Government to provide services.
Product/Platform: DigiCert Direct
Supervisory Authority: Federal Public Key Infrastructure Policy Authority (FPKIPA)
Accreditation Body/Auditor: Federal Public Key Infrastructure Policy Authority (FPKIPA)
Geographical Applicability: United States

DirectTrust™ Accreditation Program for Certificate Authorities (CAs)

Trust Service Requirements: Direct Standard™ and requirements of the DirectTrust Security and Trust framework.
Audit Description: Biennial audit of CA services against a series of technical, physical, and operational criteria.
Product/Platform: DigiCert Direct
Supervisory Authority: DirectTrust
Accreditation Body/Auditor: DirectTrust
Geographical Applicability: United States

DirectTrust™ Accreditation Program for Registration Authorities (RAs)

Trust Service Requirements: Direct Standard™ and requirements of the DirectTrust Security and Trust framework.
Audit Description: Biennial audit of RA services against a series of technical, physical, and operational criteria.
Product/Platform: DigiCert Direct
Supervisory Authority: DirectTrust
Accreditation Body/Auditor: DirectTrust
Geographical Applicability: United States

WebTrust for Certipath

Trust Service Requirements: Adequacy and effectiveness of controls deployed by a Certification Authority (CA).
Audit Description: Annual audits performed on Certipath’s key management cycle management authority (CA) business practices disclosures and CA environmental controls supporting Certipath public and managed PKI CA services.
Product/Platform: DigiCert PKI Platform 8
Supervisory Authority: CPA Canada
Accreditation Body/Auditor: BDO
Geographical Applicability: Americas

WebTrust for DirectTrust

Trust Service Requirements: Adequacy and effectiveness of physical controls deployed by a Certification Authority (CA).
Audit Description: Annual audit performed on DigiCert’s physical management of DirectTrust CA services.
Product/Platform: DigiCert Direct
Supervisory Authority: CPA Canada
Accreditation Body/Auditor: BDO
Geographical Applicability: Americas

Asia Pacific Certifications

ISAE 3402

Trust Service Requirements: ISAE 3402, an international assurance standard that describes Service Organization Control (SOC) engagements, which provides assurance to an organization's customer that the service organization has adequate internal controls.
Audit Description: Annual audit on internal controls over ﬁnancial reporting.
Product/Platform: DigiCert ONE Trust Lifecycle Manager (TLM) (Japan), MPKI 7 (Japan)
Supervisory Authority: International Auditing and Assurance Standards Board (IAASB), International Federation of Accountants (IFAC)
Accreditation Body/Auditor: BDO Sanyu
Geographical Applicability: Japan

ISO 27001

Trust Service Requirements: Compliance with ISO 27001 Information Security Management Systems Requirements Specification (formerly known as BS7799-2)
Audit Description: Annual audit to evaluate how securely an organization manages and stores its information and data in our Japan Data Center.
Product/Platform: DigiCert ONE Trust Lifecycle Manager (TLM) (Japan), MPKI 7 (Japan)
Supervisory Authority: International Organization for Standardization
Accreditation Body/Auditor: BDO Sanyu
Geographical Applicability: Japan

Gatekeeper Public Key Infrastructure Framework

Trust Service Requirements: Digital ID Policy Branch, Gatekeeper PKI Framework v3.1 (research)
Audit Description: Annual audit that cover protective security governance, personnel security, information security and physical security.
Product/Platform: Gatekeeper (product), MPKI 7 system
Supervisory Authority: Australian Government Department of Finance
Accreditation Body/Auditor: Sekuro
Geographical Applicability: Australia

European Certifications

ZertES Qualified Certification Services Provider

Trust Service Requirements: Swiss Law and ETSI standards for Qualified Certification Service Providers (CSP) and Time Stamping Authorities.
Audit Description: Annual audit of QuoVadis Trustlink Schweiz AG to ensure conformity with the requirements for Qualiﬁed and Regulated Certificates and Qualified Time-Stamps.
Product/Platform: TrustLink (QuoVadis legacy), CertCentral/DigiCert ONE
Supervisory Authority: Swiss Accreditation Service (SAS), Bundesamt für Kommunikation (BAKOM)
Accreditation Body/Auditor: KPMG
Geographical Applicability: Switzerland

Netherlands Qualified Trust Services Provider

Trust Service Requirements: ETSI EN 319 411-1, ETSI EN 319 411-2, Regulation (EU) nº 910/2014
Audit Description: Annual audit of QuoVadis Trustlink Netherlands BV for accreditation to be a Qualified Trust Services Provider (QTSP), to issue Qualified Certificates for Electronic Signature, Electronic Seal, Website Authentication and Qualified Time-Stamps.
Product/Platform: TrustLink (QuoVadis legacy), CertCentral/DigiCert ONE
Supervisory Authority: RDI
Accreditation Body/Auditor: BSI (QuoVadis legacy), TayllorCox (DigiCert Europe)
Geographical Applicability: Netherlands – but applies across the European Union.

Trust Service Provider (TSP) for PKIoverheid

Trust Service Requirements: ETSI EN 319 411-1, ETSI EN 319 411-2, PKIoverheid Program of Requirements standards to issue Qualified Certificates for Electronic Signature, Electronic Seal and Website Authentication under the Staat der Nederlanden Root.
Audit Description: Annual audit to maintain accreditation as a TSP for the Dutch government.
Product/Platform: TrustLink (QuoVadis legacy), CertCentral/DigiCert ONE
Supervisory Authority: Logius Policy Management Authority for PKIoverheid
Accreditation Body/Auditor: BSI (QuoVadis legacy), TayllorCox (DigiCert Europe)
Geographical Applicability: Netherlands

Belgium Qualified Trust Services Provider

Trust Service Requirements: ETSI EN 319 411-1, ETSI EN 319 411-2, Regulation (EU) nº 910/2014
Audit Description: Annual audit of DigiCert Europe Belgium BV for accreditation to be a Qualified Trust Services Provider (QTSP), to issue Qualified Certificates for Electronic Signature and Electronic Seal.
Product/Platform: TrustLink (QuoVadis legacy), CertCentral/DigiCert ONE
Supervisory Authority: Belgian FPS Economy - Quality and Safety
Accreditation Body/Auditor: BSI (QuoVadis legacy), TayllorCox (DigiCert Europe)
Geographical Applicability: Belgium – but applies across the European Union.