Providers of SSL certificates and trust services benefit from combined audits – two standards, one audit run.
Business is booming for providers of SSL/TLS certificates. After all, website operators have had to ensure an SSL/TLS-secured connection to their users’ browsers for quite some time. All established browsers, Google Chrome, Mozilla Firefox, Apple Safari as well as the counterparts from Microsoft now enforce a respective protection of web communication. Providers of the required SSL/TLS certificates have already had to obtain authorisation from the browser developers Google, Mozilla, Microsoft and Apple in the past. For companies based in the EU, this was possible on the basis of the established eIDAS/ETSI. Google has now been the first company to restrict this procedure (https://www.chromium.org/Home/chromium-security/root-ca-policy), so that an audit in accordance with the WebTrust requirements of CPA Canada may become necessary for the provider.
For providers of SSL/TLS TÜV certificates who are audited according to the EU requirements of eIDAS/ETSI anyway, TÜV TRUST IT now offers for the first time the approval of both assessments together in one audit run in cooperation with the auditors from Crowe FST. The result is a significant time and cost reduction.
As an independent service provider, TÜV TRUST IT GmbH TÜV AUSTRIA Group of Companies employs experienced experts in the field of testing and certification according to eIDAS/ETSI requirements and already works closely with trust service providers and providers of SSL/TLS certificates. In order to continue offering its customers an ideal service, TÜV TRUST IT is now reacting to the new requirements by expanding its service portfolio.
Doubled benefit without additional time and effort
“We do not want EU providers to be disadvantaged in their cooperation with browser producers compared to WebTrust-audited companies”, says Dirk Münchhausen, Managing Director of TÜV TRUST IT. “Therefore, we are very pleased to have found a partner in Crowe FST who also offers the established WebTrust audit scheme, so that in future we can jointly conduct both audits on just one date – saving time and money.” Ferenc Kölber from Crowe FST explains the procedure: “The eIDAS and WebTrust standards are very close to each other in terms of content, which enables us to audit according to both standards in cooperation with TÜV TRUST IT in a single joint audit. The cooperation is a great thing for all companies that need the European accreditation anyway, but have further options with the audit scheme we offer.”
Thanks to the cooperation with Crowe FST, TÜV TRUST IT is one of the first IT security service providers to actively cooperate with a public auditing company for this purpose.