Compliance & Certifications

QuantumSecure maintains the highest standards of compliance and security certifications to ensure trust and regulatory adherence across global markets and industries.

Last updated: 2024-12-01

Active Certifications: 4
Regulatory Frameworks: 8+
Annual Audits: 12+
Compliance Score: 100%

Security Certifications

SOC 2 Type II

Certified

Comprehensive audit of security, availability, processing integrity, confidentiality, and privacy controls.

Auditor: Deloitte & Touche LLP
Valid Until: 2025-06-30

ISO 27001:2013

Certified

International standard for information security management systems (ISMS).

Auditor: BSI Group
Valid Until: 2025-03-15

FIPS 140-2 Level 3

Certified

Federal standard for cryptographic modules used in government and regulated industries.

Auditor: NIST CMVP
Valid Until: 2026-01-20

WebTrust for CAs

Certified

Industry standard for certificate authorities operating in the public trust ecosystem.

Auditor: KPMG LLP
Valid Until: 2025-12-31

Common Criteria EAL4+

In Progress

International standard for computer security certification.

Auditor: atsec information security
Valid Until: Q2 2025

FedRAMP Moderate

In Progress

Federal risk and authorization management program for cloud services.

Auditor: Coalfire Systems
Valid Until: Q3 2025

Regulatory Compliance

GDPR

European Union

General Data Protection Regulation compliance for EU data subjects.

Compliant

Compliance Measures:

Data Protection Impact Assessments (DPIAs)
Privacy by Design implementation
Data subject rights management
Cross-border data transfer safeguards
Breach notification procedures

CCPA/CPRA

California, USA

California Consumer Privacy Act and California Privacy Rights Act compliance.

Compliant

Compliance Measures:

Consumer rights request handling
Privacy policy transparency
Data minimization practices
Third-party data sharing controls
Opt-out mechanisms

HIPAA

United States

Health Insurance Portability and Accountability Act for healthcare customers.

Compliant

Compliance Measures:

Business Associate Agreements (BAAs)
Administrative safeguards
Physical safeguards
Technical safeguards
Breach notification procedures

PCI DSS

Global

Payment Card Industry Data Security Standard for payment processing.

Compliant

Compliance Measures:

Secure network architecture
Cardholder data protection
Vulnerability management
Access control measures
Regular security testing

Industry Standards

CA/Browser Forum Baseline Requirements

Full Compliance

Industry standards for publicly-trusted certificate authorities.

Last Audit: 2024-11-15

RFC 3647 - Certificate Policy and CPS

Full Compliance

Internet standard for certificate policy and certification practice statements.

Last Audit: 2024-10-20

NIST SP 800-208

Full Compliance

NIST guidelines for post-quantum cryptographic algorithms.

Last Audit: 2024-12-01

ETSI EN 319 411

Full Compliance

European standard for certificate authorities and trust service providers.

Last Audit: 2024-09-30

Upcoming Audit Schedule

SOC 2 Type II Annual Audit

Deloitte & Touche LLP
Security, Availability, Confidentiality
2025-03-15

ISO 27001 Surveillance Audit

BSI Group
Information Security Management
2025-01-20

WebTrust for CAs Annual Audit

KPMG LLP
CA Operations and Controls
2025-06-30

FIPS 140-2 Re-validation

NIST CMVP
Cryptographic Module Validation
2025-09-15

Compliance Resources

Certificate Practice Statement (CPS) (PDF, 2.1 MB)
Certificate Policy (CP) (PDF, 1.8 MB)
SOC 2 Type II Report (PDF, 3.2 MB)
ISO 27001 Certificate (PDF, 0.5 MB)
FIPS 140-2 Certificate (PDF, 0.8 MB)
WebTrust Audit Report (PDF, 2.7 MB)

Compliance Inquiries

For compliance documentation, audit reports, or regulatory questions:

Compliance Team: compliance@quantumsecure.app

Legal Team: legal@quantumsecure.app