You have arrived here from a SysTrust SM/TM or WebTrust SM/TM certified site. The applicable SysTrust or WebTrust Seal of assurance symbolizes that this site has been examined by an independent accountant.  Further, the Seal represents the practitioner’s report (see below) on management's assertion(s) that the entity's business being relied upon is in conformity with the applicable Trust Services Principle(s) and Criteria.

The Trust Services Principles and Criteria is an international set of principles and criteria for systems and electronic commerce developed and managed jointly by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants. By demonstrating compliance with Trust Services criteria through an examination by an independent practitioner, entities earn the right to display the seal of assurance.

The Seal of assurance combines high standards for identified activities with the requirement for an independent verification/audit. Together they build trust and confidence among consumers and businesses conducting business over the Internet.

The entity has earned the right to display the Seal of assurance with respect to the Trust Service Principle(s) of:

Availability

The Availability Principle addresses accessibility to the defined system, products, or services as advertised or committed by contract, service-level, or other agreements. This Principle does not, in itself, set an acceptable minimum availability percentage performance level for Web sites or service provider access. The minimum availability percentage is established by mutual agreement (contract) between the customer and the service provider. The criteria include requirements that:

  • availability policies exist,
  • the entity communicates the defined system availability policies to authorized users,
  • the entity uses procedures to achieve its documented system availability objectives in accordance with its defined policies, and
  • controls exist to monitor compliance with its defined system availability policies.

Processing Integrity

The Processing Integrity Principle requires an entity to meet high standards for the completeness, accuracy, timeliness, and authorization of system processing including the processing of electronic commerce transactions. Processing integrity exists if a system performs its intended function in an unimpaired manner, free from unauthorized or inadvertent manipulation.  The criteria includes requirements that:

  • all transactions and services are processed or performed without exception, and that transactions and services are not processed more than once,
  • key information about the transaction will remain accurate throughout the processing of the transaction,
  • the timeliness of the provision of services or the delivery of goods is addressed in the context of commitments made for such delivery,
  • the entity uses procedures to achieve its documented system processing integrity objectives in accordance with its defined policies, and
  • authorization includes assurances that processing is performed in accordance with the required approvals and privileges defined by policies governing system processing.

Security

The Security Principle requires an entity to meet high standards for the protection of the system components from unauthorized access, both logical and physical. The criteria includes requirements that the entity

  • has effective security policies,
  • discloses its key security practices,
    uses procedures to achieve its documented system security objectives in accordance with its defined policies, and
  • has controls to ensure that these policies are followed.

Audit Report


Links:

SysTrust Principles and Criteria
ICANN ORG
IANA ORG

IANA Root DNSSEC
IANA DNSSEC SysTrust Certification