UK education digital trust procurement: what changes for IAM teams?

TL;DR: UK education and research institutions now have streamlined access to PKI, TLS and certificate lifecycle management without separate procurement through a national framework selected by Jisc, according to DigiCert, but the practical issue is not the contract itself but whether shared procurement actually improves certificate governance, lifecycle control, and trust boundaries across large, federated environments.

NHIMG editorial — based on content published by DigiCert: DigiCert and Jisc to advance digital trust in UK education

Questions worth separating out

Q: How should institutions govern certificate lifecycle management in shared procurement models?

A: They should separate buying access from control ownership.

Q: Why do certificates create governance risk in federated education environments?

A: Because certificates often span many services, teams and institutions, while responsibility for them is fragmented.

Q: What do security teams get wrong about certificate-based trust?

A: They often assume the cryptography is the control.

Practitioner guidance

• Inventory every certificate domain Map certificates by application, workload, device and owning institution so you can see where digital trust actually exists and where it is duplicated or unmanaged.
• Assign clear renewal and revocation ownership Define which team owns issuance, who approves renewal, and who can revoke certificates when a service is retired or a collaboration ends.
• Tie procurement to lifecycle evidence Require audit-ready evidence for renewal intervals, certificate inventory accuracy and revocation execution before treating a framework purchase as complete.

What's in the full analysis

DigiCert's full post covers the operational detail this post intentionally leaves for the source:

• The framework terms and procurement mechanics that govern how Jisc members access the service
• The specific positioning of PKI, TLS and certificate lifecycle management inside the agreement
• The quoted statements from Jisc and DigiCert on why the framework was selected
• The sector context for UK education and research institutions using shared procurement models

👉 Read DigiCert's announcement on Jisc's national digital trust framework →

UK education digital trust procurement: what changes for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →