Sectigo Limited

Certificate Lifecycle manager, SSL certificates, Managed PKI

Sectigo Certificate Manager is a cloud platform to manage the lifecycle of digital certificates to secure human & machine identity across enterprise,from a single interface.It can automate issuance & management of Sectigo certificates, alongside other publicly trusted Certificate Authorities & private CAs: Microsoft AD CS,Google Certificate Authority Service,AWS Private CA

Features

• Real time reporting of inventory of digital certificates
• Monitoring & reporting of inventory of certificates
• Discovery of all certificates in your environment
• Automate the issuance and renewal of certificates
• Auto deployment of certificates to endpoints
• Auto revocation of certificates
• Integration with ServiceNow, AzureKeyVault, DevOps
• Manage Microsoft CA, ADCS, AWS, GCP
• Fully self hosted private PKI, multi tenant platform
• Manage & automate public SSL certs

Benefits

• Automate issuance, deployment and revocation of all digital certificates
• Visibility, monitoring, control and automation of all certificates
• Orchestrate, and consolidate all digital certificates
• Single pane of glass for public, private CAs certificates
• Integration with DevOps
• Integration with ServiceNow
• Integration with Azure Key Vault
• Automate issuance of S/Mimes
• Discovery all certificates, even the rogue ones, behind firewall.
• Define approval workflow

£155.29 to £472.20 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at babita.tiwari@sectigo.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

528662590005637

Contact

Babita
+44 (20) 45192032
babita.tiwari@sectigo.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Azure Key Vault and Service Now.; It can manage AD CS (Microsoft PKI), AWS and GCP private CAs
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: It is a cloud based platform. It is not an on prem solution.
• System requirements:
  • Client must approve SaaS cloud hosted solution
  • Sectigo certificate Manager is not an on prem solution
  • Client will give admin rights to install Agent (if necessary)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response time (call back or email on opening the service request of any level) < 24 hrs ; ; - for premier support is < 1 hr
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: https://www.sectigo.com/support
• Web chat accessibility testing: I have no idea. I can check with my Development team.
• Onsite support: Yes, at extra cost
• Support levels: Enteprise Packages; Our program is designed to allow customers to tailor their service agreement to meet their needs.; Customers can also purchase additional options to enhance the core features of Advanced and Premier; service agreements.; Feature Advanced (per incident) Premier; Response time (call back or email on opening the service; request of any level); 1 hour 1 hour; Telephone support hours for all severity levels 8 AM to 8 PM east 24/7 and Chat; Designated Contacts No 3; Service Account Manager No Yes; Remote Remediation Client Environment Yes Yes; Quarterly Service Reviews No Yes; Help Desk training available No Yes; Emergency 24/7 Support for Critical Severity No 24/7; Training (instructor led training billable – remote, on site,; inhouse); Online LMS - Billable Online LMS - Included; Monthly Reports No Billable; Additional Contacts No Billable; For more information about Sectigo, our Premier Enterprise Services and our full line of; digital certificates
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide white glove services. Our onboarding and training team provide full support and training to our clients and it is free. We dont charge for onboarding and training. We provide full support and all the documentation needed to get the user started.; - Onboarding creates user account.; - Go through the training until user is comfortable with the platform.; - Set up another session to go through all the use cases; - Set up another session if required,
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We do not store client data.
• End-of-contract process: End of the contract if client choose to renew the contract, our renewal manager will reach out, set up a meeting, validate their use cases, if they need any additional services or extend the scope, get their contract renewed. If client choose not to renew the contract then we terminate the services. Grace period is given to the client.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We have an app for mobile services.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: It is a dashboard that represents the inventory, data and reports in graphical mode.
• Accessibility standards: None or don’t know
• Description of accessibility: Via browser
• Accessibility testing: I do not know. But we have a team of developer and tester, I can confirm the details.
• API: Yes
• What users can and can't do using the API: Our platform is a purpose built certificate management platform with out of the box integrations and technologies within the platform available and client can automate 100% of their digital certificates but we also offer REST and SOAP APIs in case it is needed.; ; Follow this URL for more info - https://www.sectigo.com/knowledge-base/product/API_Documentation
• API documentation: Yes
• API documentation formats:
  • PDF
  • Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: They can pick and choose the services, component as they require. They can start with public SSL certificate automation and then gradually bring in their private PKI for management as their budget and resources allows. They can go for premier support, various integrations to make their life easier. So , everything is customisable.

Scaling

• Independence of resources: Its a SaaS solution provided by a Certificate Authority (CA). Users wont get affected by surge in demand of our product.

Analytics

• Service usage metrics: Yes
• Metrics types: Dashboard board provides all the metrics.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: We continually engage in penetration testing using our in-house team and perform an annual external penetration test.; All customer data at rest are encrypted with AES 256.; All customer data in transit are encrypted using TLS 1.2 or greater.; ; Yes, all customer data are logically separated.
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: In CSV, excel format
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: We have standard and premier support option.; Here is the link -- https://www.sectigo.com/uploads/resources/Enterprise_Support_Services-White-Template.pdf; ; Here is a link to our website - https://www.sectigo.com/enterprise-support-validation-service
• Approach to resilience: We have a BC/DR plan that includes two redundant data centers in Manchester, UK and Secaucus, New Jersey.; ; - Yes. Data are backed up to our remote redundant facility. Additional hardcopy backups are conducted and stored in a secure, off-site facility.
• Outage reporting: Yes. Affected customers receive direct communication by email to designated contacts and we inform through status.io.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Other user authentication: It depends on their organisation policy. They can use OKta or username password as they wish.
• Access restrictions in management interfaces and support channels: We have many logs that vary based on environment, the nature of the activity, use case, and regulatory and technical requirements.; Yes, all customer data are logically separated.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: MSECB
• ISO/IEC 27001 accreditation date: 10.10.2023
• What the ISO/IEC 27001 doesn’t cover: Certification scope - Provision of publicly trusted digital certificates, along with supporting processes & services ; (Validation, Issuance, HR, Customer Support, OCSP, CRL’s, IT/System Administration), ; Sectigo Certificate Manager, in accordance with the Statement of Applicability (SoA), Ver. 2.0 ; dated 2023-03-27
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2
  • SOC3
  • Webtrust
  • EIDAS
  • ISO 27001- 2013

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We continually conduct security risk assessments on various environments and aspects of the business.; We are compliant with ISO 27001 and WebTrust and undergo an annual SOC 2 audit.; We continually conduct security risk assessments on various environments and aspects of the business.; We can provide the document under NDA.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have a BC/DR plan that includes two redundant data centers in Manchester, UK and Secaucus, New Jersey.; Yes. Data are backed up to our remote redundant facility. Additional hardcopy backups are conducted and stored in a secure, off-site facility.; We use SonarCloud for SAST and Sonatype for open source testing.; All customer data at rest are encrypted with AES 256.; All customer data in transit are encrypted using TLS 1.2 or greater.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We continually perform vulnerability scanning on our network.; We continually engage in penetration testing using our in-house team and perform an annual external penetration test.; We continually perform vulnerability scanning on our network.; We use SonarCloud for SAST and Sonatype for open source testing.; All customer data at rest are encrypted with AES 256.; All customer data in transit are encrypted using TLS 1.2 or greater.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Yes. We monitor using Tenable and apply patches with an SLA assigned by severity.
• Incident management type: Undisclosed
• Incident management approach: Yes. We can provide the document under NDA.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  training and support provided for well being of all the employees.

Pricing

• Price: £155.29 to £472.20 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: For a week , we offer bespoke trial to our client to test all their use cases. They can test issuance and automation of public and private SSL certs, fully hosted private PKI, integrations, APIs.
• Link to free trial: https://www.sectigo.com/certificate-manager?utm_term=ssl%20certificate%20management%20software&utm_campaign=Inflow+%7C+US+%7C+SCM+Enterprise&utm_source=adwords&utm_medium=ppc&hsa_acc=6918550654&hsa_cam=18991420015&hsa_grp=143165178185&hsa_ad=636472141655&hsa_src=g&hsa_tgt=kwd-16389067242&hsa_kw=ssl%20certificate%20management%20software&hsa_mt=b&hsa_net=adwords&hsa_ver=3&gad_source=1&gclid=EAIaIQobChMIq5a51aXvhAMV8JxQBh2mgAEJEAAYASABEgKNV_D_BwE

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at babita.tiwari@sectigo.com. Tell them what format you need. It will help if you say what assistive technology you use.