← Sectigo cases
Bugzilla #1902310
Audit Related
Sectigo: Trusted Role Access provided prior to completion of onboarding process
RESOLVED
FIXED
Sectigo
AI Summary
During an annual WebTrust audit, Sectigo identified that access to Certificate Systems was granted to two employees before completing their background checks, and to three others before finishing their validation training. Although this was found to technically meet their CPS requirements, it raised concerns about compliance with internal policies. The incident was documented, and a full report was provided, highlighting the need for stricter adherence to training and background check protocols. The case has been resolved with all action items completed.
Chronology
- Verification of identity for Employee #1 and #2 completed.
- Certificate System accounts created for Employee #1 and #2.
- Internal audit report highlights policy violation.
- Final action item in incident report completed.
- Discussion on closing the bug.
Participants
Martijn Katerbarg
Tim Callan
B. Wilson
External References
Similar Local Cases
Sectigo: Potential audit report delay
Network Solutions: Audit report delay
Sectigo audit reports
QuoVadis: Findings in 2024 ETSI Audit of QuoVadis Qualified Web ICA G2
Network Solutions: 2021 Audit Observation #3
certSIGN: Findings in 2024 ETSI Audit - Audit Incident Report
Telia: Findings in Audit 2023
ANF AC: 2023 Audit Report Finding