WebTrust is an assurance service jointly developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). WebTrust relies on a series of principles and criteria designed to promote confidence and trust between consumers and companies conducting business on the Internet. Public accounting firms and practitioners, who obtain a WebTrust business license from the AICPA or CICA, can provide assurance services to evaluate and test whether a particular web site meets any one of the Trust Services principles and criteria. The WebTrust seal of assurance is placed on the organization's web site following the engagement and signifies the practitioner's unqualified opinion.

The WebTrust program is based on the following Trust Services Principles and Criteria:

  • Security
  • The system is protected against unauthorized access (both physical and logical).
  • Availability
  • The system is available for operation and use as committed or agreed.
  • Processing Integrity
  • System processing is complete, accurate, timely, and authorized.
  • Online Privacy
  • Personal information obtained as a result of e-commerce is collected, used, disclosed, and retained as committed or agreed.
  • Confidentiality
  • Information designated as confidential is protected as committed or agreed.

The specific evaluation criteria and examples of illustrative controls for each principle can be found on the AICPA web site.

The latest version of the WebTrust program allows practitioners to provide assurance on any one or a combination of the above principles and criteria. Practitioners are also permitted to include management's customized disclosures as long as they are included with an existing WebTrust principle.

A separate WebTrust program still exists for Certificate Authorities (CAs). Visit the AICPA web site for additional information.

The WebTrust Seal of assurance symbolizes to potential customers that a CPA or CA has evaluated the web site's business practices and controls to determine whether they are in conformity with the WebTrust principles and criteria and has issued a report with an unqualified opinion indicating that such principles are being followed in conformity with the WebTrust Criteria. Specific procedures have been established by the AICPA and CICA regarding the deployment and maintenance of the seal to ensure the authenticity of the WebTrust seal.

If you are interested in WebTrust assurance, please send an e-mail to: webtrust@sas70.com.

If you need further information, contact us.

Comments are closed