The applicable SysTrust or WebTrust Seal of assurance symbolizes that this site has been examined by an independent accountant. Further, the Seal represents the practitioner’s report (see below) on management's assertion(s) that the entity's business being relied upon is in conformity with the applicable Trust Services Principle(s) and Criteria.
The Trust Services Principles and Criteria is an international set of principles and criteria for systems and electronic commerce developed and managed jointly by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants. By demonstrating compliance with Trust Services criteria through an examination by an independent practitioner, entities earn the right to display the seal of assurance.
The Seal of assurance combines high standards for identified activities with the requirement for an independent verification/audit. Together they build trust and confidence among consumers and businesses conducting business over the Internet.
The entity has earned the right to display the Seal of assurance with respect to the Trust Service Principle(s) of:
The Availability Principle addresses accessibility to the defined system, products, or services as advertised or committed by contract, service-level, or other agreements. This Principle does not, in itself, set an acceptable minimum availability percentage performance level for Web sites or service provider access. The minimum availability percentage is established by mutual agreement (contract) between the customer and the service provider. The criteria include requirements that:
- availability policies exist,
- the entity communicates the defined system availability policies to authorized users,
- the entity uses procedures to achieve its documented system availability objectives in accordance with its defined policies, and
- controls exist to monitor compliance with its defined system availability policies.
The Confidentiality Principle addresses information designated as confidential and obtained online from existing and potential business partners. The criteria include requirements that:
- confidentiality policies exist,
- the entity discloses its practices relating to the manner in which it provides for authorized access to, and uses and shares information designated as confidential,
- the entity uses procedures to achieve its documented confidentiality objectives in accordance with its defined policies, and
- controls exist to ensure that the confidentiality policies are followed in accordance with the policy and arrangements executed by the affected parties.
The Processing Integrity Principle requires an entity to meet high standards for the completeness, accuracy, timeliness, and authorization of system processing including the processing of electronic commerce transactions. Processing integrity exists if a system performs its intended function in an unimpaired manner, free from unauthorized or inadvertent manipulation. The criteria includes requirements that:
- all transactions and services are processed or performed without exception, and that transactions and services are not processed more than once,
- key information about the transaction will remain accurate throughout the processing of the transaction,
- the timeliness of the provision of services or the delivery of goods is addressed in the context of commitments made for such delivery,
the entity uses procedures to achieve its documented system processing integrity objectives in accordance with its defined policies, and
- authorization includes assurances that processing is performed in accordance with the required approvals and privileges defined by policies governing system processing.
The Security Principle requires an entity to meet high standards for the protection of the system components from unauthorized access, both logical and physical. The criteria includes requirements that the entity
- has effective security policies,
- discloses its key security practices,
uses procedures to achieve its documented system security objectives in accordance with its defined policies, and
- has controls to ensure that these policies are followed.
Click here to view ZixCorp's Audit Report, Management Assertions and System Description.
For additional information about SysTrust principles and criteria, click here.