We were engaged to assess a PKI implementation delivered by a third-party organisation, following concerns regarding the absence of documentation, lack of demonstrable compliance, and a resulting erosion of confidence in the digital trust assured by the service.​

A report was produced outlining the findings of the PKI health check, including evidence-based, prioritised recommendations and actionable steps to achieve demonstrable compliance. The objective was to enable broader adoption of the PKI service across the organisation while minimising technical debt and avoiding unnecessary re-engineering.​

Due to the absence of documentation relating to the architecture, implementation, or configuration of the existing PKI service, the engagement necessitated a methodical and structured approach to identify and capture all system integrations, data flows, user and system interactions, and configuration parameters across all components​

KeyFactor EJBCA, Thales Key Protection ​