1CERT.ORGGlobal Trust Registry

Institution

Data and security

Information handled in the course of registry and due diligence work is subject to defined handling, retention and security practices.

Registry data

Registry records are published data, drawn from sources cited on the record itself. Publication follows the evidentiary standard set out in the Standard for Registry Record Publication.

Due diligence data

Information gathered in the course of a due diligence engagement is confidential to the commissioning party and is not published in the registry or shared with third parties, except where the commissioning party directs otherwise or where required by law.

Submission channels

Sensitive case material is not accepted through unsecured public forms on this website. Enquiry forms on this site collect only basic contact and scoping information; a secure channel is provided for supporting documentation once an engagement is under way.

Retention

Registry records are retained for as long as they remain published, and withdrawn records are retained in accordance with the registry record publication standard. Due diligence engagement records are retained for a period sufficient to support the review and correction process described below, and are not retained indefinitely beyond that purpose.

Reporting a vulnerability

Security researchers and members of the public may report a suspected vulnerability in this website or its systems through the report a vulnerability page.