Pillar 01 · End-to-end HSM

You bought the HSM. They gave you 90 days to close the finding. And your team still doesn't dare touch it.

2PSECURE arrives, installs, configures, designs the key schema, documents the ceremonies under dual control, and delivers two manuals: one for the security team that operates the HSM, and one for the developers who consume it from their applications. Your next audit passes, your next launch moves forward, and your team sustains operations after we exit.

Your situation

You're probably here for one of three reasons

  • The audit flagged your HSM. An external, internal or regulatory finding about key handling, ceremony documentation or dual control. You have a deadline and you need evidence.
  • The HSM is there, but it's not in production. You bought it months or years ago. No one on the team dares touch it. The business case that justified the purchase is still pending.
  • The team that knew it has changed. Whoever installed or configured the HSM is no longer there. Documentation is scarce or non-existent. Procedures live in the memory of someone who has already left.

Why it's hard to solve internally

Buying the HSM was the easy part

Operating an HSM is not a vendor manual: it's a combination of technical decisions, signed procedures, documented custody and daily discipline. Who has custody of the keys? Under what dual control is a PVK rotated? How is a ZMK loaded without exposing it in the clear? What does a developer do when they need to sign an EMV message?

Solving this without guidance takes months and produces documentation that typically doesn't survive the first audit. It's not a team-intelligence problem — it's an accumulated-experience problem with that specific class of equipment.

What we deliver

What your institution receives at project close

  • The HSM in production, configured per vendor practice and verifiable against it.
  • The key schema — ZMK, ZPK, PVK, MAC keys — with documented hierarchy, rotation and custody.
  • Written ceremony procedures, executed under dual control and backed by signed records.
  • An operating manual written for the security team that will live with the HSM.
  • A developer guide with invocation examples, common errors and troubleshooting, written by someone who understands how a developer thinks, not how a cryptographer thinks.
  • Runbooks for the incidents that will occur: emergency rotation, recovery, smart-card replacement.

How we work with your team

Continuous transfer, not a final session

Knowledge is transferred during the project, not at the end. Your operators watch and then execute the ceremonies themselves. Your developers consume the HSM against the real environment, not against a PDF. By the time we close, your team has already operated the system under our supervision, so it is not their first time.

Migration from legacy equipment

Generational HSM change with no service interruption

As an official Utimaco partner in Peru, we execute migrations from legacy HSMs to the current generation with service continuity: a controlled re-key, validation of the new equipment in parallel with production, and a planned cutover with a minimal window. No surprises in keys, no surprises in documentation.

Platforms

If you already chose a vendor, we adapt to your decision

We are official representatives in Peru of Utimaco and HST; we also operate Futurex. The choice should be driven by your case (general-purpose vs. payment HSM, latency, throughput, required certifications), not by a reseller agreement. If your decision is already made, we work with it.

Next step

A 30-minute conversation to understand your context

No commitment. If your case fits what we do, we schedule a technical meeting to go deeper. If it doesn't fit, we say so too.