The SigningHub cryptographic engine has been independently-evaluated and certified to be compliant with the CEN CWA 14167-1. This standard specifies the requirements for trustworthy systems for the issuance and management of EU Qualified Certificates. The SigningHub internal Certificate Authority (CA), OCSP Validation Authority (VA) and Time Stamp authority (TSA) services were all certified. In addition the SigningHub signature creation and verification services are compliant with CEN CWA 14170 and CWA 14171.
SigningHub supports the use of FIPS 140-2 and Common Criteria EAL 4+ certified HSMs, Secure Signature Creation Devices (SSCDs) and Qualified Signature Creation Devices (QSCD) under the new EU eIDAS regulations. We partner with a number of secure hardware vendors including SafeNet, Thales and Utimaco.
SigningHub Cloud is also available as part of the UK Government Software as a Service G-Cloud 6 initiative.
SOC 1/SSAE 16/ISAE 3402 & SOC 2
Cloud Security Alliance CCM
FBI CJIS (Azure Government)
PCI DSS Level 1
United Kingdom G-Cloud
Australian Government IRAP
Singapore MTCS Standard
EU Model Clauses
Food and Drug Administration 21 CFR Part 11