Explanation of Terms

Recognised certification body

Is a certification body accredited by a national accreditation body and recognized by the IWTS program owner according to the recognition procedure described in the program manual.

Recognized auditor

Is a person who fulfills the technical and personnel requirements defined in the program manual and on the basis of this conformity is recognized by the certification body for his work in the IWTS program. Only recognized auditors may be used for this activity.


Examination of the conformity of a website with the IWTS-Standard by a recognized auditor from a recognized certification body. Audits are carried out as desk audits. They are based on the regulations of ISO 19001.

Advisory Board

Is a body that supports the real functioning of the IWTS program. The advisory board advises the management of the FdWB. It also acts as a conciliation committee in the event of objections from certification bodies or from customers if the facts of the case exceed the responsibility of the certification body. It should represent the "interested parties" in a representative manner and should not comprise more than 5 persons.


Is a systematic and documented comparison of the performance of different certification programs; usually with the aim of checking or realizing a cooperation between the programs. The aim is usually to achieve economic advantages for program owners, certification bodies and certificate users.


In this context, the activity of providing support to a website operator, planning, developing, operating or marketing websites. Certification bodies are not permitted to engage in this activity in order to avoid conflicts of interest in their certification decision.
For the FdWB the prohibition of consulting does not apply.

Parties involved

Participants of the IWTS program are: the program owner Fachverband deutscher Webseiten-Betreiber GmbH (FdWB; Association of German Website Operators) and its organs, all recognized certification bodies and all certificate holders (= website operators).

Desk Audit

Is an audit that does not take place on site at the customer's premises but can take place from any possible location. A desk audit is possible if there is no need for on-site assessments and tests at the customer's premises. Since the IWTS-Standard is the certification of websites that can be accessed online and all information and evidence can be submitted online to the certification body, a desk audit is possible. A desk audit saves considerable time and costs, which was taken into account in the prices for certification of the IWTS-Standard.

IWTS-Standard of the FdWB

Is a description of all website characteristics (= requirement criteria for the website) of the website operators that are necessary to achieve the goals of the FdWB certification program.

Interested party

Is a website operator who is interested in certification against the IWTS-Standard of the FdWB but has not yet submitted an application to a certification body.

Interested parties (Stakeholders)

Are natural or legal persons as well as other groups that participate in or feel affected by the IWTS program (e.g. website operators, website users, certification bodies, customers, authorities, etc.).


With all requirement criteria described in the IWTS-Standard of the FdWB is a prerequisite for the granting of a certificate. It must be ensured that the product requirements and the certification requirements are met in full.


According to ISO 17065, the organization or person responsible to a certification body for ensuring that the certification requirements, including product requirements, are met. In the context of this certification program, the customer is a commercial, freelance or legal entity (not a natural person in the sense of an end consumer) who is responsible for ensuring that the legal requirements for the security and quality of the website are met and, as the authorized signatory, signs the certification agreement with the certification authority.
Other definitions in certain legal regulations, e.g. HGB, German Civil Code (§ 312c), Telemedia Act (§ 5), GDPR (in German DSGVO) or others, are not applicable in this narrowly defined context, if the regulation is not contradictory to the legal regulations.
All certified website operators are published on the internet by the program owner.

Users of websites

Are legal or natural persons, especially end consumers, who use websites. They are usually not experts on the functionality and security of websites. But they are interested in knowing if the visited website is secure and trustworthy. The IWTS seal provides the desired positive information at a glance and thus creates commercially beneficial trust for the website operator.

Product requirements

These are the criteria for all properties of the website, which are defined in the IWTS-Standard of the FdWB. The specification of the criteria is (usually) done by third party standards. The compliance with all criteria has to be checked completely in the certification process during the audit.

Program adaptations

Is a measure of the program owner to identify and implement selective changes in the program and to communicate them to the certification authorities and certificate users. A form is used for this purpose. The starting point for program adjustments can be: normative or legal changes to the criteria described in the program manual. Insights into the improvement of processes defined in the program manual can also lead to program adjustments. The need for program adaptations is to be observed, identified and formulated by the program owner. Intended program adaptations are to be submitted to the advisory board for decision.
If there is a need for general changes to the program, e.g. because a large number of program adjustments have been made in the meantime, the program owner creates a new version of the program. The program owner may call in external experts for this purpose. The new version must be submitted to the advisory board for a decision.

Program owner (program carrier)

Is an individual or organization responsible for developing and maintaining a particular certification program (ISO 17067). Program owner of the IWTS program is the FdWB.

Test marks (seal, conformity mark, certification mark, logo)

The IWTS test mark is a registered word and image mark and forms the seal of the IWTS program. It informs the user of a website at a glance that this website has been checked by the IWTS program against the IWTS-Standard of the FdWB and thus has special security features. The logo is property of the program owner. It can be used free of charge by all participants in the IWTS program to mark the website itself and documents related to the IWTS program as eye-catchers.

Quality level

The IWTS program can have different variants, globally or by regions and countries (International, German-DE, USA-USA, China-CHN, Austria-AUT, Switzerland-CHE and others). Details must be presented in writing by updating the program.

Risk of a website

Is defined in this certification program depending on compliance with legal regulations in the areas of cyber security, GDPR (in German DSGVO), identification requirements according to the applicable Telemedia Act and EU regulations as well as additional extensive protective measures defined in the IWTS-Standard.
The inspection criteria of the IWTS-Standard define the condition.

Website operator

Are commercial, freelance or legal persons (not natural persons in the sense of an end consumer - these are website owners) who use a website to provide information to specific target groups. As a rule, they have no expert knowledge about the security and technical quality of a website and must have this done by service providers without being able to assess the quality of the service themselves. The application of a quality and security standard whose conformity with the standard has been certified gives the website operator confidence in his own website and commercial advantages if the users of his website can also gain confidence in the website by looking at the IWTS seal.


Is the document which, based on the examination of a website with a defined procedure by an accredited certification body approved by the FdWB, confirms that this website fully meets all criteria of the IWTS-Standard of the FdWB, which is part of this program manual. The certificate is property of the issuing certification body. The latter is the basis for the fact that the certification body can withdraw it at any time if the certificate user does not ensure that his website complies with the FdWB's IWTS-Standard within a reasonable period of time.

Certificate user

Are commercial, self-employed persons or legal entities (not natural persons in the sense of an end consumer) who, on the basis of a valid certification agreement, use a certificate issued by a competent certification body for their purposes.

Certification requirements

Are the common set of product requirements plus the requirements that the certification process places on the customer. The requirements for the certification procedure are in turn the common requirements that the certification program plus the certification body place on the customer. For a successful certification decision, all certification requirements must be completely checked and fulfilled.

Certification Program

Is a written system that describes the requirements (= criteria), rules and procedures to certify certain products, processes and services. When developing certification schemes, scheme owners should, in addition to the requirements to be met by users (customers), also meet the formal requirements of ISO 17067. Certification bodies that certify products, processes and services should be accredited to ISO 17065. Companies that wish to have their products, processes or services certified should thoroughly prepare both the selection of the certification scheme that best suits their needs and the fulfillment of all requirements of the certification scheme before the first audit.

Further information on the IWTS-Standard