Cancel

double-chevron

Support center

Find your answer by topic or keyword

 

Certifications & Compliance

Since 1998, the Notarius Certificate Authority (CA), based on a Public Key Infrastructure (PKI), has been recognized and trusted by government agencies.

As a leading expert in electronic signatures, digital signatures, and long-term document reliability since 1998, Notarius is the only Canadian firm that issues trusted signatures recognized both by Adobe (Adobe Approved Trust List – AATL) and Microsoft (Microsoft Trusted Root Certificate Program).

Notarius is an environmentally responsible, certified carbon-neutral business.

In 2007, the Notarius Certificate Authority was the first in North America to be certified ISO/CEI 27001 (Information technology — Security techniques: Information security management systems — Requirements & Code of practice for information security controls). ISO 27001 primarily focuses on preserving the confidentiality, integrity, and availability of information as part of the risk management process.

Notarius is also certified eIDAS (ETSI EN 319 401; ETSI EN 319 411-1; ETSI EN 319 411-2; ETSI EN 319 412-3) and ISO 9001 (Quality management systems — Requirements) and is a member of leading organizations in the field of trusted third parties (FNTC, DIACC and the Cloud Signature Consortium).

All Notarius’ processes are controlled and audited annually by external, certified and independent auditors.

The following is a list of some of the controls performed annually (non-limitative list):

  • Information security management system
  • Information security roles and responsibilities
  • Segregation of duties
  • Terms and conditions of employment
  • Contact with authorities
  • Supplier Relationships
  • Management responsibilities
  • Security awareness and training
  • Disciplinary process
  • Access control policy
  • Security checks
  • Change management
  • Security Incidents process
  • Business Continuity Management
  • Information security policy
  • Information security risk assessment, treatment, results
  • Mobile device policy
  • Teleworking
  • Assets (inventory, acceptable use, classification, return, etc.)
  • Backups
  • Operations Security
  • System Acquisition, Development and Maintenance
  • General T’s&C’s / User Agreement
  • Privacy and data protection policy
  • SLA

Note that the specificities of Cloud products are also audited (See ISO/IEC 27018 :2019 Code of practice for protection of personally identifiable information in public clouds acting as PII processors)

ln addition to our certifications, you get peace of mind from knowing your documents are admissible as evidence (not merely prima facie evidence) under Canadian Law.