Built on verified trust
Intertrust security practices are independently verified across multiple frameworks, covering both our operational infrastructure and certificate authority (CA) services.
SOC 2 Type II—Security, availability, and confidentiality
An independent audit confirmed that Intertrust's controls are designed and operating effectively against the AICPA Trust Services Criteria. Type II covers a sustained observation period, not simply a point in time.
Standard
AICPA Trust Services Criteria (TSC)
Audit type
SOC 2 Type II
Criteria covered
Security · Availability · Confidentiality
Renewal
Annual
What the attestation covers
The SOC 2 framework evaluates the design and operating effectiveness of controls governing the security and availability of systems that process customer data and ensure confidentiality is maintained.
Security
Systems are protected against unauthorized access, both physical and logical.
Availability
Systems are maintained to meet customer availability SLAs.
Confidentiality
Information designated as confidential is protected as agreed.
The full SOC 2 Type II report is available to current and prospective customers under NDA.
Request a copy at: [email protected]
WebTrust—Intertrust PKI (iPKI)
Intertrust's certificate authority services are independently audited against the WebTrust Principles and Criteria for Certification Authorities. WebTrust is the primary assurance framework for the global PKI ecosystem to verify the operational integrity of certificate authorities.
Standard
WebTrust for Certification Authorities v2.2.2
Audit type
Independent third-party examination
Scope
Intertrust PKI (iPKI)
Renewal
Annual
What the compliance covers
The WebTrust framework evaluates the design and operating effectiveness of controls governing how a certificate authority generates, manages, and protects certificates and the identities bound to them.
A key lifecycle
Private keys are generated, stored, and managed securely throughout their lifecycle.
Subscriber validation
Subscriber identities are verified before certificates are issued.
Certificate integrity
Certificates are issued, revoked, and validated according to documented policies.
Access controls
Access to CA infrastructure is restricted and monitored.
The WebTrust CA report is available to customers and partners upon request.
Request a copy at: [email protected]
We're here to help
Intertrust's customer focus is second to none and we're uniquely qualified to amplify, extend, and complement your business and technology needs.
Ready to get started?
Want to learn more?
Get in touch with an expert.