Certification Procedure

The application and further procedure for certification with the International Website Trust Standard (IWTS) can be carried out completely online by website operators in a few simple steps:

1. Application

In the application form for IWTS certification, the type of certificate required is selected. On the basis of some further basic data about the website to be certified, the website operator and the associated company, the price for the certification is determined directly, which has to be settled by invoice after the application for certification.

By submitting the completed application form, the website operator will receive directly by e-mail a confirmation with all submitted information, an invoice for the certification as well as some information about further preliminary work that is necessary prior to certification (see next point 2. Preliminary Work to be Done).

2. Preliminary Work to be Done

In order to be able to carry out the certification completely, some further information and evidence about the website to be certified and the company belonging to it are required following the application, which must be submitted by the authorised representative of the company.

All information and evidence can be submitted directly to the certification body via an online form (Preliminary Work). Most of the information required can be entered directly in the form. To be able to prove both the domain ownership and the ownership of the company, some preparations are necessary before filling out the form.

All details of the information to be provided and the evidence to be provided are listed in the section "Preliminary Work Instructions".

3. Audit

After the certification body has received the necessary input and the invoice for the certification has been settled, the audit based on the IWTS inspection criteria usually starts within 10 to 15 working days (different in case of addition or mandatory global additional examination).

The audit takes place online as a desk audit, where the website to be certified is audited directly from the certification body, so it is not necessary for an auditor to be present on site.

If an inspection criterion does not meet the requirements of the IWTS-Standard, the certification body will contact the applicant by email and inform him of the discrepancies so that these can be clarified or rectified and the audit can be carried out and completed completely and successfully.

4. Certification

Following the audit and if all criteria of the IWTS-Standard have been successfully checked, the certification body will carry out the certification.

The certification participant will also be informed by email about the successful certification and the possibilities to integrate the seal of the IWTS-Standard on the certified website. Detailed instructions on how to integrate the IWTS seal can also be found in the IWTS Seal Integration Guide section.

Validity and Recertification

The IWTS certificate is valid for one year after certification. After one year, recertification must be carried out if the IWTS certificate and the IWTS seal, as proof of the security standard, are still to be used on the operator's website. The website operator will be informed in good time so that a recertification can be applied for and the IWTS certificate and the IWTS seal can be used on the website without interruption.

Further information on the IWTS-Standard