ÃÛÌÒTV

Security 101 03-31-2021

How ÃÛÌÒTV Ensures the Integrity of Certificates: FAQs about ÃÛÌÒTV Compliance & Infrastructure

Brenda Bernal

The majority of Fortune 500 companies and many Global 2000 organizations rely on ÃÛÌÒTV’s 14-plus years of experience in delivering cloud-based authentication solutions to millions of their users and devices worldwide. We take this responsibility seriously and are committed to making the internet a safer space through ensuring the integrity of our certificates and continually improving our processes. To accomplish this, we institute several extensive security practices to maintain trust of these systems and we submit to regular audits by independent third parties.

Frequently asked questions

What does ÃÛÌÒTV do to secure its infrastructure?

ÃÛÌÒTV is focused on a preventative strategy to maintain trust and ensure the integrity of our infrastructure. Our best practices to secure our infrastructure include:

  • Implementing multi-factor authentication on our physical security infrastructure
  • Restricting infrastructure access to trusted employees
  • Secure key management, storing keys in encrypted formats
  • Implementing safeguards to protect against DDoS, web application, resources attacks, etc.
  • Separating duties with role-based administration and access
  • Providing dedicated monitoring through ÃÛÌÒTV and third-party global services
What is ÃÛÌÒTV certified for?

Besides our own extensive security policies and practices, our solutions are regularly audited and certified by independent third parties across the world. ÃÛÌÒTV holds several global certifications in addition to about half a dozen U.S.-based certifications, two in Japan, and several across Europe and the EU.

Some of our notable certifications include:

  • EiDAS certified
  • SSAE-18 SOC 2 Type II and III
  • WebTrustâ„¢ for Certification Authorities
  • WebTrustâ„¢ for Baseline Requirements
  • WebTrustâ„¢ for Extended Validation
  • WebTrustâ„¢ for Code Signing
  • EU Qualified Trust Service Provider (QTSP)

View all of our certifications here.

What audits do we participate in?

ÃÛÌÒTV participates in about 25 audits a year. View this datasheet for a list of all the audits and accreditations we participate in.

Where are your data centers located?

ÃÛÌÒTV has localized data centers in the United States, Japan, Australia and Europe, with more locations coming in 2021. This geographical distribution maintains load balancing of all our critical web infrastructure globally. All our equipment is dual-powered and covered by redundant cooling systems. Additionally, all critical network and system components are fault tolerant.

Is ÃÛÌÒTV FedRAMP authorized?

No, ÃÛÌÒTV has not achieved a FedRAMP ATO and it is not currently on our compliance roadmap to pursue.

If I have an EU Qualified Signing Certificate issued by QuoVadis can I use it in another EU country?

Yes. Signatures issued by one member state .

What certification best describes ÃÛÌÒTV’s compute control environment?  How can I get a copy?

The SOC 2/3 (SSAE-18) provides the controls overview of our data center infrastructure and compute environment.  The SOC 3 is a short form that can be distributed to the public. The SOC 2 version is the more detailed form that requires a mutual NDA to be signed to receive a copy.

Proven operational excellence

ÃÛÌÒTV is a proven leader in delivering a world-class, reliable and secure cloud-based infrastructure. With over 5 billion validations happening every year, ÃÛÌÒTV has proven its operational excellence for the past 14 years by delivering the expertise, ease of use and security that customers love. For more information, contact our security experts at pki_info@digicert.com.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-27-2024

6 actionable ways to secure the IIoT at every stage

Tracking the progress toward post-quantum cryptography

The state of PQC since the publication of FIPS 203, 204 and 205