Certifications & Compliance

The SigningHub cryptographic engine has been independently-evaluated and certified to be compliant with the CEN CWA 14167-1. This standard specifies the requirements for trustworthy systems for the issuance and management of EU Qualified Certificates. The SigningHub internal Certificate Authority (CA), OCSP Validation Authority (VA) and Time Stamp authority (TSA) services were all certified. In addition the SigningHub signature creation and verification services are compliant with CEN CWA 14170 and CWA 14171.

SigningHub supports the use of FIPS 140-2 and Common Criteria EAL 4+ certified HSMs, Secure Signature Creation Devices (SSCDs) and Qualified Signature Creation Devices (QSCD) under the new EU eIDAS regulations. We partner with a number of secure hardware vendors including SafeNet, Thales and Utimaco.

SigningHub Cloud is also available as part of the UK Government Software as a Service G-Cloud 6 initiative.

SigningHub Cloud is located in a secure and resilient data centre which has been independently certified under various schemes including:

ISO 27001/27002

SOC 1/SSAE 16/ISAE 3402 & SOC 2

Cloud Security Alliance CCM



FBI CJIS (Azure Government)

PCI DSS Level 1

United Kingdom G-Cloud

Australian Government IRAP

Singapore MTCS Standard

EU Model Clauses

Food and Drug Administration 21 CFR Part 11


FIPS 140-2