With the media full of stories about threats to security and privacy and on the Internet, a company’s promising e-commerce plans may crumble amid fears about management’s ability to protect data and deliver what they promise.

WebTrust focuses on risk areas related to e-commerce activities and the appropriate policies and controls to manage risks related to security, online privacy, availability, confidentiality and processing integrity. The end result is a more robust and secure e-commerce system.

The elements of the WebTrust program include:

• • A set of e-commerce criteria that reflects prevailing internal controls best practices and requirements from around the world.
  
  
• • Periodic independent verification that a site meets the certain criteria.

Putting WebTrust to Work

One typical example includes a community bank that offers WebTrust’s assurance to its customers that it keeps customer information private and confidential and that its banking transactions are processed with integrity. Another example is when a major retailer assures customers that its security and privacy practices are in good order. Companies providing goods and services over the Internet often find that customers are concerned about security, privacy and other matters. A recent Harris Interactive study found that online customers tend to avoid companies that do not provide adequate assurance that personal information is kept private and secure. On the other hand, the Harris study showed that customers will recommend a business that demonstrates a strong commitment to addressing these concerns.

For more information about a WebTrust audit, contact us.

For a chart showing the differences between a SAS 70 audit and a SysTrust (or WebTrust) audit, click here to view the pdf.