Compliance Frameworks
One of our main objectives at Keyfactor is customer trust and safety. To ensure that our customers can trust us and our product, we implemented many of the following frameworks into our product. See details below on our status for each of the frameworks.
SOC 2
Our internal audit function has applied SOC 2 criteria to the EJBCA SaaS control environment, but we are not officially compliant. However, becoming SOC 2 compliant is on our near-future roadmap.
EJBCA SaaS is hosted on AWS and Azure, which are both SOC 2 compliant.
ISO 27001
Keyfactor is ISO 27001 certified. EJBCA SaaS is hosted on AWS and Azure, which are also ISO 27001 certified.
ISO 27017
Our internal audit function has applied ISO 27017 criteria to the EJBCA SaaS control environment, but we are not officially certified. We are currently in the process of becoming certified.
EJBCA SaaS is hosted on AWS and Azure, which are ISO 27017 certified.
ISO 14001
Keyfactor is ISO 14001 certified. ISO 14001 is the standard that covers environmental management systems.
ISO 9001
Keyfactor is ISO 9001 certified. ISO 9001 is the standard that covers quality management systems.
Common Criteria
EJBCA Enterprise is Common Criteria certified; see Common Criteria.
HIPAA
EJBCA SaaS does not store, transmit, or process PHI (Protected Health Information). As such, HIPAA does not apply to EJBCA SaaS.
EJBCA SaaS is also hosted on AWS and Azure, which are HIPAA compliant.
PCI DSS
Usage of EJBCA SaaS is fed from our application to AWS and Azure. AWS and Azure handle the billing for the usage of our product. EJBCA SaaS does not store credit card data.
EJBCA SaaS is built on AWS and Azure, which are PCI DSS compliant (as shown on the AWS Cloud Security website).
CSA STAR
Keyfactor is in the process of becoming STAR Level 1 certified.
EJBCA SaaS is also hosted on AWS and Azure, which are CSA STAR certified.