Security is at the heart of everything that DigiCert does. Maintaining that security and trust requires a constant focus on standards and compliance, with the changing landscape of threats and risks facing DigiCert and our customers. At DigiCert, we maintain a strong compliance culture in our global operations.
As the world’s leading provider of TLS/SSL and PKI solutions, DigiCert is committed to fostering a strong compliance culture in everything we do. From the CEO down, our team understands that without a keen focus on standards and compliance, we are not putting our best forward on security and maintaining trust with our customers and partners. As our services are a big part of our customers’ security posture, we have a responsibility to be world-class in understanding the standards and risks in our business.
The combination of our size and scale requires us to be nimble and adept in the way that we sustain our compliance culture, with relevance to every team member. We strive to optimize our compliance with a proactive and evolving approach that will help us stay ahead of new threats and industry requirements.
It starts at the top. DigiCert’s executive steering committee meets every few weeks specifically on the subject of compliance and risk management, to review the changing matrix of threats and risks facing the company and our customers.
The goal of this review is to always have a pulse on the changing landscape around standards, compliance and risks. We maintain a risk register derived from the efforts of our Product, Standards, and Compliance teams, ensuring that tasks receive the resources and prioritization towards resolution.
This living process is constantly being refined as DigiCert seeks to stay in front of developing issues affecting our sector or operations, and to avoid the never-ending “break/fix” dysfunction found in some organizations. We expect to further enhance our work in enterprise risk management in 2022.
One of the advantages for customers who with DigiCert is our ability to invest appropriately in standards and compliance. We are not just ticking the boxes, but rather helping to lead the way by investing the in development of the technical standards that shape our industry, as well as new approaches to ensure compliance with our obligations.
Many customers will be familiar with DigiCert’s long standing work with the CA/Browser Forum, leading working groups related to TLS, S/MIME and code-signing certificates. But our dedicated standards specialists are also involved in other important industry bodies setting the requirements for our sector such as the IETF (in areas such as LAMPS and (post quantum crypto) and the European Telecommunications Standards Institute, particularly in the Electronic Signatures and Infrastructures (ETSI ESI) area relevant to our Qualified Trust Service Provider operations. Other groups include ISO, ANSI (particularly the X9 financial services PKI group), the Zigbee Alliance and the AuthIndicators Working Group.
As would be expected of a global organization involved in every aspect of PKI, DigiCert has invested in appropriately staffing our Compliance and Audit teams, with specialists located in our offices around the world. However, what makes DigiCert different is not that we just meet our obligations, but that we go beyond by taking the next step to turn that compliance knowledge into new value and continuous improvement.
One example is our investment in audit management solutions, often referred to as GRC tools, to map our myriad security and technical requirements against our internal controls, and to maintain ownership/responsibility and evidence on an ongoing basis. Rather than having an annual snapshot of our compliance posture, these tools allow us to track compliance and risks on a continuous basis throughout the year.
Coming together, this focus on compliance helps DigiCert leadership understand the risks facing our products, our customers and our partners, and to drive through positive actions to resolve any threats we identify with minimum negative impact on our customers. Our goal, amid our size and growth rate, is to maintain our leadership in security and compliance in our industry.