Compliance 05-16-2023

At DigiCert, Compliance is Not an Afterthought

DigiCert Certified on SOC 2 For 2022

Brenda Bernal
At DigiCert, we understand that our customers rely on us to provide solutions that meet their evolving security needs, and we take this responsibility seriously. Our business revolves around providing top-of-the-line TLS/SSL and PKI solutions that guarantee secure interactions between individuals, organizations and devices.

Furthermore, as a leading provider of digital trust, we maintain a strong compliance culture throughout our global operations, ensuring that we stay ahead of the ever-evolving threat landscape facing our customers and ourselves. From our CEO to our team members, we all recognize that our focus on compliance sets us apart in terms of security and trustworthiness.

Compliance is a key building block of digital trust, so for us it is not an afterthought but an integral part of our product and service development process. Before the development train leaves the station, our compliance specialists are involved, ensuring that our solutions meet the technical standards and audit requirements needed for their secure operation.

Thus, it is with pride that we are announcing today that DigiCert has again been certified on SOC 2, an indicator that our internal processes are helping to secure our customer data.

What is SOC 2?

The SOC 2 is an evaluation by an independent CPA firm of the suitability of the design and operating effectiveness of controls against the trust services criteria relevant to security. This review and the resulting SOC 2 report provide reasonable assurance that DigiCert’s service commitments and system requirements were achieved. DigiCert had a successful SOC 2 examination for both our U.S. and E.U. locations.

DigiCert has had a SOC 2 examination of its Managed Public Key Infrastructure Services System throughout the period Oct. 1, 2021 to Sept. 30, 2022 (U.S.) and Sept. 5, 2022 to Jan. 31, 2023 (E.U.).

The Trust Services Criteria covered in our evaluation included:

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

This report is heavily utilized in describing our state of controls and risk governance and is available to relevant stakeholders. The U.S. and E.U. reports are now available.

Besides the SOC 2, DigiCert undertakes over two dozen audits annually on our systems and operations to ensure the trust that our customers place in us is validated.

Some of our notable certifications include:

  • SSAE-18 SOC 2 Type II and III
  • WebTrust for Certification Authorities
  • WebTrust for Baseline Requirements
  • WebTrust for Extended Validation
  • WebTrust for Code Signing
  • EU Qualified Trust Service Provider (QTSP)
  • ISAE 3402 and ISO 27001 (Japan)

View all of our certifications here.

In summary, at DigiCert, we are dedicated to fostering a culture of compliance that underpins everything we do. This ensures that we can continue to provide top-quality digital trust solutions to our customers, enabling them to conduct their online activities with confidence and peace of mind. The SOC 2 reports give relying parties a level of assurance that our processes keep data secure, private and confidential.

Watch our Digital Compliance video to learn more about how we take a proactive approach to compliance.