How to verify a QorTrace audit certificate

Every QorTrace audit publishes a public verification certificate at qortrace.com/labs/verify/<cert-id>. Anyone can independently confirm:

1. The cert was issued by QorTrace.
2. The report payload hasn't been tampered with.
3. The methodology version + engineer.

Steps

1. Open the verify URL

https://qortrace.com/labs/verify/<cert-id> — the cert-ID is the 12- character public ID printed on the PDF and the customer's Trust Center page.

2. Check the cryptographic seal

The page shows:

• The SHA-256 of the report payload.
• The methodology version the audit was scored against.
• The engineer-of-record (name + bio link).
• The issue date and org name.

If you have the PDF, hash it locally and compare:

The first 64 hex chars should match what's on the verify page.

3. Click through to the methodology

The methodology version is linked to its archived rubric, e.g. /docs/labs/methodology/v3.2. The rubric explains exactly what was graded and how findings were scored.

4. Optional — JSON deep link

Append ?format=json to the verify URL for a machine-readable payload. Useful when verifying programmatically:

What if the verification fails?

• If the SHA-256 doesn't match: the PDF you have is not what we issued. Could be a forgery or a corrupted download. Re-download from the customer's Trust Center.
• If the cert-ID 404s: it was revoked. We revoke certs only at customer request (e.g. they re-audited and want the old cert retired) or in fraud cases. Contact audit@qortrace.com to understand why.

Sharing certificates on LinkedIn

Each verify page has a one-click LinkedIn share button. The shared post uses a custom OG image with the QorTrace logo + the cert ID, designed for professional context.