Information Security Policy

Purpose

Webprofusion Pty Ltd, as operator of the certifytheweb.com service, is committed to protecting the confidentiality, integrity, and availability of information provided by customers and partners. This Information Security Policy outlines our approach to managing information security risks associated with the development, operation, and support of the certifytheweb.com service.

This policy is designed to provide transparency into our security objectives and management practices and forms part of our broader Information Security Management System (ISMS), aligned with ISO/IEC 27001 principles.

Scope

This policy applies to the Certify The Web applications and supporting services where hosted by us; systems, infrastructure, and environments used to operate and support the product; and information assets including signing certificates, configuration data, telemetry, support data, and customer-provided information where applicable. This policy does not cover customer-hosted applications.

Information Security Objectives

The objectives of this policy are to protect sensitive information from unauthorised access, safeguard cryptographic materials, ensure service availability, maintain customer trust, and continually improve security practices.

Risk Management Approach

Webprofusion Pty Ltd, as operator of the certifytheweb.com service, follows a risk-based approach to managing information security risks. Information security risks are identified and assessed, and mitigation measures are implemented where required. A risk review is undertaken periodically and may be updated when significant changes occur.

Access Control

Access is granted based on business need and least privilege, protected by appropriate authentication including multi-factor authentication where applicable, and reviewed periodically.

Cryptographic and Certificate Security

Industry-accepted cryptographic standards are used. Private keys and credentials are protected, certificate lifecycle processes are controlled, and security considerations are embedded in automation and product design.

Secure Development and Operations

Security is integrated into development and operations through secure coding, change management, logging, monitoring, and timely patching.

Incident Management

Incidents are detected, recorded, contained, investigated, and reviewed. Customers are notified where required by contractual or regulatory obligations.

Business Continuity

Appropriate backup, recovery, monitoring, and resilience measures are implemented to support continuity.

Review and Continuous Improvement

This policy and associated controls are reviewed periodically, supported by annual internal audits, and updated to reflect changes.

Policy Availability

This policy is available via the Certify The Web Trust Center. Additional information may be provided upon request subject to confidentiality controls.