To the management of Entrust Datacard Limited (formerly known as Entrust Limited, hereinafter Entrust ) and Trend Micro, Inc.
|
|
- Godwin Parker
- 5 years ago
- Views:
Transcription
1 Audit Tax Advisory Grant Thornton LLP 2001 Market Street, Suite 700 Philadelphia, PA T F Report of Independent Practitioner To the management of Entrust Datacard Limited (formerly known as Entrust Limited, hereinafter Entrust ) and Trend Micro, Inc. ( Trend Micro ): We have examined Entrust and Trend Micro management s assertions that for their Certification Authority (CA) operations at Santa Clara, California and Norcross, Georgia, USA, throughout the following periods: As to the Root CAs listed on Attachment A for the period April 1, 2016 to June 7, 2016, and As to the Issuing CAs listed on Attachment B and CA operations for the period April 1, 2016 to January 29, 2017, Entrust and Trend Micro have: disclosed its extended validation SSL ( EV SSL ) certificate lifecycle management business practices in their Certificate Practices Statements as enumerated in Attachment C, including their commitment to provide EV SSL certificates in conformity with the CA/Browser Forum Guidelines on the AffirmTrust website, and provided such services in accordance with their disclosed practices maintained effective controls to provide reasonable assurance that: o the integrity of keys and EV SSL certificates it manages is established and protected throughout their lifecycles; and o EV SSL subscriber information is properly authenticated (for the registration activities performed by Entrust and Trend Micro) based on the WebTrust Principles and Criteria for Certification Authorities Extended Validation SSL v Entrust s and Trend Micro s management is responsible for its assertions. Our responsibility is to express an opinion on management s assertions based on our examination. We conducted our examination in accordance with standards for attestation engagements established by the American Institute of Certified Public Accountants and, accordingly, included:
2 (1) obtaining an understanding of Entrust s and Trend Micro s EV SSL certificate lifecycle management business practices, including its relevant controls over the issuance, renewal, and revocation of EV SSL certificates; (2) selectively testing transactions executed in accordance with disclosed EV SSL certificate lifecycle management practices; (3) testing and evaluating the operating effectiveness of the controls; and (4) performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion. The relative effectiveness and significance of specific controls at Entrust and Trend Micro and their effect on assessments of control risk for subscribers and relying parties are dependent on their interaction with the controls, and other factors present at individual subscriber and relying party locations. We have performed no procedures to evaluate the effectiveness of controls at individual subscriber and relying party locations. Because of the nature and inherent limitations of controls, Entrust s and Trend Micro s ability to meet the aforementioned criteria may be affected. For example, controls may not prevent, or detect and correct, error, fraud, unauthorized access to systems and information, or failure to comply with internal and external policies or requirements. Also, the projection of any conclusions based on our findings to future periods is subject to the risk that changes may alter the validity of such conclusions. In our opinion, throughout the period April 1, 2016 to January 29, 2017, Entrust and Trend Micro management s assertions, as referred to above, are fairly stated, in all material respects, based on the WebTrust Principles and Criteria for Certification Authorities Extended Validation SSL v This report does not include any representation as to the quality of Entrust s and Trend Micro s services beyond those covered by the WebTrust Principles and Criteria for Certification Authorities Extended Validation SSL v1.4.5, nor the suitability of any of Entrust s or Trend Micro s services for any customer's intended purpose. Grant Thornton LLP Philadelphia, Pennsylvania June 30, 2017
3 ATTACHMENT A LIST OF IN SCOPE ROOT CAs Root CAs AffirmTrust Commercial Serial no: 77:77:06:27:26:A9:B1:7C SHA-1 Thumbprint: F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7 AffirmTrust Networking Serial no: 7C:4F:04:39:1C:D4:99:2D SHA-1 Thumbprint: 29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F AffirmTrust Premium Serial no: 6D:8C:14:46:B1:A6:0A:EE SHA-1 Thumbprint: D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27 AffirmTrust Premium ECC Serial no: 74:97:25:8A:C7:3F:7A:54 SHA-1 Thumbprint: B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB ATTACHMENT B LIST OF IN SCOPE ISSUING CAs Issuing CAs [Certificate Type] Trend Micro CA [OV and EV] Serial no: 3D:84:7C:1B:4A:BB:32:02 SHA-1 Thumbprint: 2C:DD:A6:CE:33:E1:FE:7C:1B:05:41:1F:17:A6:66:A7:83:D7:F5:6A Trend Micro S2 CA [OV and EV] Serial no: 5B:46:99:90:EC:75:9D:34 SHA-1 Thumbprint: E2:7C:71:03:AD:E2:D6:F3:40:7E:05:AD:05:28:EE:89:C3:63:6E:85 AffirmTrust Commercial Extended Validation CA [EV] Serial no: 63:1B:F9:0C:8A:B0:2C:81 SHA-1 Thumbprint: 81:2F:ED:60:49:9B:92:C5:A8:06:AD:F7:6B:6C:34:C2:3B:2D:08:57 AffirmTrust Networking Extended Validation CA [EV] Serial no: 23:90:15:C7:F6:78:80:46 SHA-1 Thumbprint: 29:81:D1:9F:DB:BE:47:39:91:3C:CE:EF:5A:B0:52:E2:D7:77:14:E9
4 AffirmTrust Premium Extended Validation CA [EV] Serial no: 0B:CF:CF:37:59:C2:F5:86 SHA-1 Thumbprint: 5B:A0:2E:26:95:0A:40:B3:59:3D:C9:E3:DE:A8:C7:C5:A3:AF:42:C6 AffirmTrust Premium ECC Extended Validation CA [EV] Serial no: 10:7C:AA:12:EC:D6:8C:54 SHA-1 Thumbprint: 7F:B9:17:9F:3F:78:03:B3:C9:96:45:FE:C8:2F:28:79:26:B9:90:55 Trend Micro Gold CA [OV and EV] Valid until: November 2, 2019 Serial no: 00:84:3C:74:B1:AA:34:86:B1:C4:C7:A0:DF:55:B5:E9 SHA-1 Thumbprint: D3:0A:E0:1F:70:BB:BF:F3:6B:2C:EA:DE:0A:A0:F8:C7:AA:82:21:1C Trend Micro Silver CA [OV and EV] Valid until: November 2, 2019 Serial no: 00:83:55:1B:D2:38:4F:68:E0:42:05:B8:37:D4:8D:87 SHA-1 Thumbprint: 8B:78:C4:59:FB:11:83:BE:10:27:6B:9C:6B:62:30:81:C8:49:36:57 ATTACHMENT C LIST OF AFFIRMTRUST CERTIFICATION PRACTICE STATEMENTS CPS Name Version Date Trend Micro SSL Certification Practice Statement November 2015 Entrust Trend Micro SSL Certification Practice Statement April 2016 AffirmTrust Certification Practice Statement December 2016
5 Entrust Datacard Corporate Headquarters 1187 Park Place Shakopee, MN USA ENTRUST MANAGEMENT S ASSERTION Entrust Datacard Limited (formerly known as Entrust Limited, hereinafter Entrust ) operates the Certification Authority (CA) services known as AffirmTrust from roots and Subordinate CAs as enumerated in Attachment A, and provides Extended Validation SSL ( EV SSL ) CA services. The management of Entrust is responsible for establishing and maintaining effective controls over its EV SSL CA operations, including its EV SSL CA business practices disclosure on its website, EV SSL key lifecycle management controls, and EV SSL certificate lifecycle management controls. These controls contain monitoring mechanisms, and actions are taken to correct deficiencies identified. There are inherent limitations in any controls, including the possibility of human error, and the circumvention or overriding of controls. Accordingly, even effective controls can only provide reasonable assurance with respect to Entrust s Certification Authority operations. Furthermore, because of changes in conditions, the effectiveness of controls may vary over time. Entrust management has assessed its disclosures of its certificate practices and controls over its EV SSL CA services. Based on that assessment, in Entrust management s opinion, in providing its EV SSL Certification Authority (CA) services at Santa Clara, California and Norcross, Georgia US, throughout the period April 29, 2016 to January 29, 2017, Entrust has: disclosed its extended validation SSL ( EV SSL ) certificate lifecycle management business practices in its Certification Practice Statements as enumerated in Attachment B, including its commitment to provide EV SSL certificates in conformity with the CA/Browser Forum Guidelines on the Entrust website, and provided such services in accordance with its disclosed practices maintained effective controls to provide reasonable assurance that: o the integrity of keys and EV SSL certificates it manages is established and protected throughout their lifecycles; and o EV SSL subscriber information is properly authenticated (for the registration activities performed by Entrust)
6 based on the WebTrust Principles and Criteria for Certification Authorities Extended Validation SSL v Very truly yours, Kirk R. Hall Director Policy and Compliance SSL June 30, 2017
7 ATTACHMENT A LIST OF IN SCOPE ROOT CAs Root CAs AffirmTrust Commercial Serial no: 77:77:06:27:26:A9:B1:7C SHA-1 Thumbprint: F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7 AffirmTrust Networking Serial no: 7C:4F:04:39:1C:D4:99:2D SHA-1 Thumbprint: 29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F AffirmTrust Premium Serial no: 6D:8C:14:46:B1:A6:0A:EE SHA-1 Thumbprint: D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27 AffirmTrust Premium ECC Serial no: 74:97:25:8A:C7:3F:7A:54 SHA-1 Thumbprint: B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB ATTACHMENT B LIST OF AFFIRMTRUST CERTIFICATION PRACTICE STATEMENTS CPS Name Version Date Entrust Trend Micro SSL Certification Practice Statement April 2016 AffirmTrust Certification Practice Statement December 2016
8
9
10
To the management of Entrust Datacard Limited (formerly known as Entrust Limited, hereinafter Entrust ) and Trend Micro, Inc.
Audit Tax Advisory Grant Thornton LLP 2001 Market Street, Suite 700 Philadelphia, PA 19103-7080 T 215.561.4200 F 215.561.1066 www.grantthornton.com Report of Independent Practitioner To the management
More informationREPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS
REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS To the Management of Internet Security Research Group: Scope We have examined the assertion by the management of the Internet Security Research Group
More informationREPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS
REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS To the Management of Starfield Technologies, LLC: Scope We have examined the assertion by the management of Starfield Technologies, LLC ( Starfield )
More informationREPORT OF THE INDEPENDENT ACCOUNTANT
Tel: 314-889-1100 Fax: 314-889-1101 www.bdo.com 101 South Hanley Road, Suite 800 St. Louis, MO 63105 REPORT OF THE INDEPENDENT ACCOUNTANT To the Management of CertiPath, Inc.: We have examined CertiPath,
More informationReport of Independent Accountants
Report of Independent Accountants S.C. certsign S.A. B-dul Timisoara nr. 5A Sector 6, Bucharest, ZIP 061301, Romania We have examined the accompanying assertion 1 made by the management of S.C. certsign
More informationManagement Assertion Logius 2013
Logius Ministerie van Binnenlandse Zaken en koninkrijksrelaties Management Assertion Logius 2013 Date 20 March 2014 G3 G2 G3 1 Management Assertion Logius 2013 1 20 March 2014 Assertion of Management as
More informationIndependent Accountants Report. Utrecht, 28 January To the Management of GBO.Overheid:
KPMG IT Auditors P.O. Box 43004 3540 AA Utrecht The Netherlands Rijnzathe 14 3454 PV De Meern The Netherlands Telephone +31 (0)30 658 2150 Fax +31 (0)30 658 2199 Independent Accountants Report To the Management
More informationIndependent Accountant s Report
KPMG LLP Mission Towers I Suite 100 3975 Freedom Circle Drive Santa Clara, CA 95054 To the Management of Starfield Technologies, LLC: Independent Accountant s Report We have examined Starfield Technologies,
More informationIndependent Accountant s Report
Tel: 314-889-1100 Fax: 314-889-1101 www.bdo.com 101 South Hanley Road, Suite 800 St. Louis, MO 63105 Independent Accountant s Report To the Management of Visa U.S.A. Inc. ( Visa ): We have examined Visa
More informationReport of Independent Accountants
Ernst & Young LLP 200 Clarendon Street Boston, Massachusetts 02116 Tel: +1 (617) 266 2000 www.ey.com To the Management of Comodo CA Limited Report of Independent Accountants We have examined the assertion
More informationReport of Independent Accountants
EY Bermuda Ltd. 3 Bermudiana Road Hamilton HM08, Bermuda P.O. Box HM 463 Hamilton, HM BX, Bermuda Tel: +1 441 295 7000 Fax: +1 441 295 5193 www.ey.com/bermuda Report of Independent Accountants To the Management
More informationIndependent Accountant s Report
KPMG LLP Mission Towers I Suite 100 3975 Freedom Circle Drive Santa Clara, CA 95054 To the Management of Starfield Technologies, LLC: Independent Accountant s Report We have examined Starfield Technologies,
More informationIndependent Accountant s Report
KPMG LLP Mission Towers I Suite 100 3975 Freedom Circle Drive Santa Clara, CA 95054 To the Management of Starfield Technologies, LLC: Independent Accountant s Report We have examined Starfield Technologies,
More informationשרוני - שפלר ושות' רואי חשבון
SHARONY SHEFLER & CO. C.P.A. שרוני - שפלר ושות' רואי חשבון SHARONY ARIE SHEFLER ELI SHEFLER EREZ ESHEL BARUCH DARVISH TZION PRIESS HANA BERMAN GIL LEIBOVITCH SHLOMO SHAYZAF JACOB, Adv. Eng., M.Sc שרוני
More informationIndependent Certified Public Accountant s Report
Independent Certified Public Accountant s Report Flavio Martins Chief Operations Officer DigiCert, Inc. Dear Mr. Martins: I have examined the attached assertions by you representing the management of DigiCert,
More informationPeriod from October 1, 2013 to September 30, 2014
Assurance Report on Controls Placed in Operation and Tests of Operating Effectiveness ISAE 3402 Type 2 Period from October 1, 2013 to September 30, 2014 Frankfurt/Main Table of Contents SECTION I Independent
More informationTelia CA response to Public WebTrust Audit observations 2018
Approved on August 7, 2018 Approved by Telia Finland Oyj Telia CA Security Board 2018-08-07 1 (5) Creator Pekka Lahtiharju Telia CA response to Public WebTrust Audit observations 2018 Description This
More informationTrust Service Provider Technical Best Practices Considering the EU eidas Regulation (910/2014)
Trust Service Provider Technical Best Practices Considering the EU eidas Regulation (910/2014) This document has been developed by representatives of Apple, Google, Microsoft, and Mozilla. Document History
More informationEXPOSURE DRAFT. Based on: CA/Browser Forum. Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates Version 1.1.
EXPOSURE DRAFT WebTrust SM/TM for Certification Authorities Trust Services Principles and Criteria for Certification Authorities SSL Baseline with Network Security Based on: CA/Browser Forum Baseline Requirements
More informationWebtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security
Webtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security For the Period January 1, 2016 through June 30, 2016 SOC 3 SM SOC 3 is a service
More informationCertificate Policy for the Chunghwa Telecom ecommerce Public Key Infrastructure. Version 1.5
Certificate Policy for the Chunghwa Telecom ecommerce Public Key Infrastructure Version 1.5 Chunghwa Telecom Co., Ltd. December 1, 2017 Contents 1. INTRODUCTION... 1 1.1 OVERVIEW... 3 1.1.1 Certificate
More informationSERVICE ORGANIZATION CONTROL 3 REPORT
SERVICE ORGANIZATION CONTROL 3 REPORT Digital Certificate Solutions, Comodo Certificate Manager (CCM), and Comodo Two Factor Authentication (Comodo TF) Services For the period April 1, 2016 through March
More informationApple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.
Apple Inc. Certificate Policy and Certification Practice Statement Version 1.0 Effective Date: March 12, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.
More informationBugzilla ID: Bugzilla Summary:
Bugzilla ID: Bugzilla Summary: CAs wishing to have their certificates included in Mozilla products must 1) Comply with the requirements of the Mozilla CA certificate policy (http://www.mozilla.org/projects/security/certs/policy/)
More informationSAS 70 SOC 1 SOC 2 SOC 3. Type 1 Type 2
SAAABA Changes in Reports on Service Organization Controls April 18, 2012 Changes in Reports on Service Organization Controls (formerly SAS 70) April 18, 2012 Duane M. Reyhl, CPA Andrews Hooper Pavlik
More informationTHE BUSINESS VALUE OF EXTENDED VALIDATION
THE BUSINESS VALUE OF EXTENDED VALIDATION How Internet Browsers Support EV and Display Trusted Websites +1-888-690-2424 entrust.com Table of contents Introduction Page 3 Objectives Page 4 How to bring
More informationSOC Updates: Understanding SOC for Cybersecurity and SSAE 18. May 23, 2017
SOC Updates: Understanding SOC for Cybersecurity and SSAE 18 May 23, 2017 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.
More informationA SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS
A SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS Introduction If you re a growing service organization, whether a technology provider, financial services corporation, healthcare company, or professional
More informationTransitioning from SAS 70 to SSAE 16
Industry Webinar Series SAS 70 ENDS EXIT TO SSAE 16 Transitioning from SAS 70 to SSAE 16 How Does This Apply to Your Organization? Cindy Boyle, Partner Rodney Walsh, Director BKD IT Risk Services Agenda
More informationCERTIFICATE POLICY CIGNA PKI Certificates
CERTIFICATE POLICY CIGNA PKI Certificates Version: 1.1 Effective Date: August 7, 2001 a Copyright 2001 CIGNA 1. Introduction...3 1.1 Important Note for Relying Parties... 3 1.2 Policy Identification...
More informationCertification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive
Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive Asseco Data Systems S.A. Podolska Street 21 81-321 Gdynia, Poland Certum - Powszechne
More informationSOC 3 for Security and Availability
SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2015 through September 30, 2016 Independent SOC 3 Report for the Security and Availability Trust
More informationApple Inc. Certification Authority Certification Practice Statement
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.3 Effective
More informationCSF to Support SOC 2 Repor(ng
CSF to Support SOC 2 Repor(ng Ken Vander Wal, CPA, CISA, HCISPP Chief Compliance Officer, HITRUST * ken.vanderwal@hitrustalliance.net Agenda Introduction to SOC Reporting SOC 2 and HITRUST CSF AICPA and
More informationETSI European CA DAY TRUST SERVICE PROVIDER (TSP) CONFORMITY ASSESSMENT FRAMEWORK. Presented by Nick Pope, ETSI STF 427 Leader
ETSI European CA DAY TRUST SERVICE PROVIDER (TSP) CONFORMITY ASSESSMENT FRAMEWORK Presented by Nick Pope, ETSI STF 427 Leader ETSI 2012 All rights reserved Topics Background ETSI Activities / Link to Mandate
More informationSOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions
SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions DISCLAIMER: The contents of this publication do not necessarily reflect the position or opinion of the American
More informationAudit Considerations Relating to an Entity Using a Service Organization
An Entity Using a Service Organization 355 AU-C Section 402 Audit Considerations Relating to an Entity Using a Service Organization Source: SAS No. 122; SAS No. 128; SAS No. 130. Effective for audits of
More informationECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03
ECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03 Comodo CA, Ltd. ECC Certificate Addendum to Comodo EV CPS v. 1.03 6 March 2008 3rd Floor, Office Village, Exchange Quay,
More informationDECISION OF THE EUROPEAN CENTRAL BANK
L 74/30 Official Journal of the European Union 16.3.2013 DECISIONS DECISION OF THE EUROPEAN CENTRAL BANK of 11 January 2013 laying down the framework for a public key infrastructure for the European System
More informationDark Matter L.L.C. DarkMatter Certification Authority
Dark Matter L.L.C. DarkMatter Certification Authority Certification Practice Statement V1.6 July 2018 1 Signature Page Chair, DarkMatter PKI Policy Authority Date 2 Document History Document Version Document
More informationCA/Browser Forum Meeting
CA/Browser Forum Meeting WebTrust for CA Update June 21, 2017 Jeff Ward / Don Sheehy / Janet Treasure Current Status WebTrust for CA 2.1 As you are aware, based on ISO 21188 WebTrust criteria based on
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013 Table of Contents 1. Introduction... 5 1.1. Trademarks... 5
More informationOISTE-WISeKey Global Trust Model
OISTE-WISeKey Global Trust Model Certification Practices Statement (CPS) Date: 18/04/2018 Version: 2.10 Status: FINAL No. of Pages: 103 OID: 2.16.756.5.14.7.1 Classification: PUBLIC File: WKPKI.DE001 -
More informationApple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Version 4.0 Effective Date: September 18, 2013 Table of Contents
More informationWithin our recommendations for editorial changes, additions are noted in bold underline and deletions in strike-through.
1633 Broadway New York, NY 10019-6754 Mr. Jim Sylph Executive Director, Professional Standards International Federation of Accountants 545 Fifth Avenue, 14th Floor New York, NY 10017 Dear Mr. Sylph: We
More information(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and
SUB-LRA AGREEMENT BETWEEN: (1) Jisc (Company Registration Number 05747339) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and (2) You, the Organisation using the Jisc
More informationSSL/TSL EV Certificates
SSL/TSL EV Certificates CA/Browser Forum Exploratory seminar on e-signatures for e-business in the South Mediterranean region 11-12 November 2013, Amman, Jordan Moudrick DADASHOW CEO, Skaitmeninio Sertifikavimo
More informationCalifornia ISO Audit Results for 2011 SSAE 16 & Looking Forward for 2012 December 15, 2011
www.pwc.com California ISO Audit Results for 2011 SSAE 16 & Looking Forward for 2012 December 15, 2011 Agenda SSAE 16 Background Results of Audit Scope of Audit Looking Forward Closing Thoughts Slide 1
More informationIndependent Assurance Statement
Independent Assurance Statement Scope and Objectives DNV GL Business Assurance USA, Inc. (DNV GL) was commissioned by Lockheed Martin Corporation (Lockheed Martin) to conduct independent assurance of its
More informationTechnical Trust Policy
Technical Trust Policy Version 1.2 Last Updated: May 20, 2016 Introduction Carequality creates a community of trusted exchange partners who rely on each organization s adherence to the terms of the Carequality
More informationWHICH SOC REPORT IS RIGHT FOR YOUR CLIENT?
CPAs & ADVISORS STRATEGIC ALLIANCE WEBINAR SERIES WHICH SOC REPORT IS RIGHT FOR YOUR CLIENT? June 20, 2017 Cindy Boyle TO RECEIVE CPE CREDIT Participate in entire webinar Answer polls when they are provided
More informationPREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice
PREPARING FOR SOC CHANGES AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice On May 1, 2017, SSAE 18 went into effect and superseded SSAE 16. The following information is here
More informationInformation for entity management. April 2018
Information for entity management April 2018 Note to readers: The purpose of this document is to assist management with understanding the cybersecurity risk management examination that can be performed
More informationSOC Reporting / SSAE 18 Update July, 2017
SOC Reporting / SSAE 18 Update July, 2017 Agenda SOC Refresher Overview of SSAE 18 Changes to SOC 1 Changes to SOC 2 Quiz / Questions Various Types of SOC Reports SOC for Service Organizations (http://www.aicpa.org/soc4so)
More informationIntroduction of the Identity Assurance Framework. Defining the framework and its goals
Introduction of the Identity Assurance Framework Defining the framework and its goals 1 IAEG Charter Formed in August of 07 to develop a global standard framework and necessary support programs for validating
More informationISACA Cincinnati Chapter March Meeting
ISACA Cincinnati Chapter March Meeting Recent and Proposed Changes to SOC Reports Impacting Service and User Organizations. March 3, 2015 Presenters: Sayontan Basu-Mallick Lori Johnson Agenda SOCR Overview
More informationIT Security Evaluation and Certification Scheme Document
IT Security Evaluation and Certification Scheme Document June 2015 CCS-01 Information-technology Promotion Agency, Japan (IPA) IT Security Evaluation and Certification Scheme (CCS-01) i / ii Table of Contents
More informationGlobal Specification Protocol for Organisations Certifying to an ISO Standard related to Market, Opinion and Social Research.
CONTENTS i. INTRODUCTION 3 ii. OVERVIEW SPECIFICATION PROTOCOL DOCUMENT DEVELOPMENT PROCESS 4 1. SCOPE 5 2. DEFINITIONS 5 3. REFERENCES 6 4. MANAGEMENT STANDARDS FOR APPROVED CERTIFICATION BODIES 6 4.1
More informationSOC for cybersecurity
April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory
More informationApple Inc. Certification Authority Certification Practice Statement
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.2 Effective
More informationComparison of Electronic Signature between Europe and Japan: Possibiltiy of Mutual Recognition
Comparison of Electronic Signature between Europe and Japan: Possibiltiy of Mutual Recognition 1 Soshi Hamaguchi, 1 Toshiyuki Kinoshita, 2 Satoru Tezuka 1 Tokyo University of Technology, Tokyo, Japan,
More informationPlease the completed POL to the following address:
Hello [Customer], Symantec is unable to verify the order details you have provided in our currently available public resources. To continue processing your code signing certificate for [Organization],
More informationSymantec Trust Network (STN) Certificate Policy
Symantec Trust Network (STN) Certificate Policy Version 2.8.24 September 8, 2017 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA +1 650.527.8000 www.symantec.com - i - - ii - Symantec
More informationDirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure
DirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure Change Control Date Version Description of changes 15-December- 2016 1-December- 2016 17-March- 2016 4-February- 2016 3-February-
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.18 Effective Date: August 16, 2017 Table of Contents 1. Introduction... 5 1.1. Trademarks...
More informationQUALIFYING ATTESTATION LETTER
TAYLLORCOX s.r.o. Member of TAYLLORCOX UK Ltd. 75 King William St., EC4N, London, UK TAYLLORCOX PCEB, certification body No. 3239, accredited in accordance with ČSN EN ISO/IEC 17065:2013 by Czech Accreditation
More informationthawte Certification Practice Statement Version 3.4
thawte Certification Practice Statement Version 3.4 Effective Date: July, 2007 thawte Certification Practice Statement 2006 thawte, Inc. All rights reserved. Printed in the United States of America. Revision
More informationApproved 10/15/2015. IDEF Baseline Functional Requirements v1.0
Approved 10/15/2015 IDEF Baseline Functional Requirements v1.0 IDESG.org IDENTITY ECOSYSTEM STEERING GROUP IDEF Baseline Functional Requirements v1.0 NOTES: (A) The Requirements language is presented in
More informationQUALIFYING ATTESTATION LETTER
TAYLLORCOX s.r.o. Member of TAYLLORCOX UK Ltd. 75 King William St., EC4N, London, UK TAYLLORCOX PCEB, certification body No. 3239, accredited in accordance with ČSN EN ISO/IEC 17065:2013 by Czech Accreditation
More informationMeeting the Meaningful Use Security and Privacy Measure
Meeting the Meaningful Use Security and Privacy Measure Meeting the MU Security Measure a risk analysis Complete a risk management assessment Implement an Employee Training Program and Employee Sanction
More informationC22: SAS 70 Practices and Developments Todd Bishop, PricewaterhouseCoopers
C22: SAS 70 Practices and Developments Todd Bishop, PricewaterhouseCoopers SAS No. 70 Practices & Developments Todd Bishop Director, Risk Assurance Services, PricewaterhouseCoopers Agenda SAS 70 Background
More informationTimber Products Inspection, Inc.
Timber Products Inspection, Inc. Product Certification Public Document Timber Products Inspection, Inc. P.O. Box 919 Conyers, GA 30012 Phone: (770) 922-8000 Fax: (770) 922-1290 TP Product Certification
More informationAdopting SSAE 18 for SOC 1 reports
Adopting SSAE 18 for SOC 1 reports Overview Since its adoption in 2011, service auditor reports issued in accordance with SSAE 16 have become increasingly common in the marketplace. In April 2016, the
More informationNATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY Standardization of Entity Authentication Assurance 5th ETSI Security Workshop 20-2222 January 2010 ETSI, Sophia Antipolis, France Erika McCallister, Esq.,
More informationWescom Solutions, Inc. Practitioner Engagement Android Version CFR EPCS Certification Report
Wescom Solutions, Inc. Practitioner Engagement Android Version 1.0 21 CFR EPCS Certification Report April 27, 2017 Prepared by Drummond Group drummondgroup.com Page 1 of 5 Certification Summary Overview
More informationINTERNATIONAL STANDARD ON AUDITING 505 EXTERNAL CONFIRMATIONS CONTENTS
INTERNATIONAL STANDARD ON AUDITING 505 EXTERNAL CONFIRMATIONS (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction Scope of
More informationGlobalSign Certificate Policy
GlobalSign Certificate Policy Date: 20th August 2015 Version: v5.0 Table of Contents TABLE OF CONTENTS... 2 DOCUMENT HISTORY... 7 ACKNOWLEDGMENTS... 7 1.0 INTRODUCTION... 9 1.1 OVERVIEW... 9 Additional
More informationAudit Attestation for. T-Systems International GmbH
Space LOGO CAB Audit Attestation for T-Systems International GmbH Reference: AA2018072004 Essen, 20.07.2018 To whom it may concern, This is to confirm that TÜV Informationstechnik GmbH has successfully
More informationGlobalSign Certification Practice Statement
GlobalSign Certification Practice Statement Date: May 12th 2009 Version: v.6.5 Table of Contents DOCUMENT HISTORY... 3 HISTORY... 3 ACKNOWLEDGMENTS... 4 1.0 INTRODUCTION... 5 1.1 OVERVIEW... 6 1.2 GLOBALSIGN
More informationInternational Standard on Auditing (Ireland) 505 External Confirmations
International Standard on Auditing (Ireland) 505 External Confirmations MISSION To contribute to Ireland having a strong regulatory environment in which to do business by supervising and promoting high
More informationIndonesia - SNI Certification Service Terms
Indonesia - SNI Certification Service Terms These Service Terms shall govern the Indonesian National Standard ( SNI ) Certification Services performed by the UL Contracting Party (as identified in the
More informationAchieving third-party reporting proficiency with SOC 2+
Achieving third-party reporting proficiency with SOC 2+ Achieving third-party reporting proficiency with SOC 2+ Today s organizations do business within a broad ecosystem. Customers, partners, agents,
More informationEXTERNAL CONFIRMATIONS SRI LANKA AUDITING STANDARD 505 EXTERNAL CONFIRMATIONS
SRI LANKA STANDARD 505 EXTERNAL CONFIRMATIONS (Effective for audits of financial statements for periods beginning on or after 01 January 2014) CONTENTS Paragraph Introduction Scope of this SLAuS... 1 External
More informationDemonstrating data privacy for GDPR and beyond
Demonstrating data privacy for GDPR and beyond EY data privacy assurance services Introduction The General Data Protection Regulation (GDPR) is ushering in a new era of data privacy in Europe. Organizations
More informationNational Identity Exchange Federation. Trustmark Signing Certificate Policy. Version 1.0. Published October 3, 2014 Revised March 30, 2016
National Identity Exchange Federation Trustmark Signing Certificate Policy Version 1.0 Published October 3, 2014 Revised March 30, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents
More informationFPKIPA CPWG Antecedent, In-Person Task Group
FBCA Supplementary Antecedent, In-Person Definition This supplement provides clarification on the trust relationship between the Trusted Agent and the applicant, which is based on an in-person antecedent
More informationCandidate Brochure. V15.1a. American Society of Professional Estimators 2525 Perimeter Place Dr., Ste. 103 Nashville, TN 37214
Candidate Brochure American Society of Professional Estimators 2525 Perimeter Place Dr., Ste. 103 Nashville, TN 37214 615.316.9200 Fax 615.316.9800 ACCE Recognized Program V15.1a Revised V15.1a May 2017
More informationIT Attestation in the Cloud Era
IT Attestation in the Cloud Era The need for increased assurance over outsourced operations/ controls April 2013 Symeon Kalamatianos M.Sc., CISA, CISM Senior Manager, IT Risk Consulting Contents Introduction
More informationEthics for Virginia CPAs
Ethics for Virginia CPAs Course Instructions and Final Examination Ethics for Virginia CPAs By Colleen Neuharth McClain, CPA CPE Edition Distributed by The CPE Store www.cpestore.com 1-800-910-2755 The
More informationNETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
More informationRetirement of SAS 70 and a new generation of Service Organization Control (SOC) Reports
new generation of Service Organization Control (SOC) Reports Presented by: Nina Currigan, KPMG Advisory Manager Karen Krebsbach, Ernst & Young Advisory Manager With you today Nina Currigan Advisory Manager
More informationNE HIMSS Vendor Risk. October 9, 2015 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS
NE HIMSS Vendor Risk October 9, 2015 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Does Vendor Management Feel Like This? 2 Vendor Risk Management Lifecycle
More informationPhysical Security Reliability Standard Implementation
Physical Security Reliability Standard Implementation Attachment 4b Action Information Background On March 7, 2014, the Commission issued an order directing NERC to submit for approval, within 90 days,
More information10/12/17. CPA Alberta Professional and Public Accounting Practice Varied Registration Model CPA FORUM NORTH OCTOBER 23 RD, 2017 JASPER, ALBERTA
CPA Alberta Professional and Public Accounting Practice Varied Registration Model CPA FORUM NORTH OCTOBER 23 RD, 2017 JASPER, ALBERTA Larry Brownoff CPA, CA Director, Professional and Career Services Professional
More informationJune 2009 Addendum to the Comodo EV Certification Practice Statement v.1.03
June 2009 Addendum to the Comodo EV Certification Practice Statement v.1.03 Comodo CA, Ltd. Addendum to Comodo EV CPS v. 1.03 8 June 2009 3rd Floor, Office Village, Exchange Quay, Trafford Road Salford,
More informationCERT Symposium: Cyber Security Incident Management for Health Information Exchanges
Pennsylvania ehealth Partnership Authority Pennsylvania s Journey for Health Information Exchange CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 Pittsburgh,
More informationInformation Technology Branch Organization of Cyber Security Technical Standard
Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:
More informationArticle II - Standards Section V - Continuing Education Requirements
Article II - Standards Section V - Continuing Education Requirements 2.5.1 CONTINUING PROFESSIONAL EDUCATION Internal auditors are responsible for maintaining their knowledge and skills. They should update
More informationNZQA registered unit standard 8086 version 7 Page 1 of 5. Demonstrate knowledge required for quality auditing
Page 1 of 5 Title Demonstrate knowledge required for quality auditing Level 4 Credits 4 Purpose People credited with this unit standard are able to demonstrate knowledge of: quality auditing, preparation
More informationRe: Exposure Draft Proposed ISAE 3402 on Assurance Reports on Controls at a Third Party Service Organization
Date Le Président Fédération Avenue d Auderghem 22-28 des Experts 1040 Bruxelles 31 May 2008 Comptables Tél. 32 (0) 2 285 40 85 Européens Fax: 32 (0) 2 231 11 12 AISBL E-mail: secretariat@fee.be Mr. Jim
More information