How do I get a copy of an SSAE-18 SOC 2 Type II audit report?
IdenTrust does undergo an SSAE-18 SOC 2 Type II audit every year. However, since the detailed information in the audit report is company-confidential, we require an NDA to be in place.
An alternative that does not require an NDA:
As a Certificate Authority, IdenTrust undergoes a WebTrust for Certificate Authorities audit, and the attestation letter for this audit is publicly available without the need for an NDA. The WebTrust for CA audit examines not only the same general information security practices as the SOC 2 criteria does, but also certificate life cycle practices including proper handling of applicant information. The link for the WebTrust for CA audit is at the bottom of our home page. You may also be interested in examining our Privacy Policy.