From a technical perspective, yes, though of course not a legal perspective. Take certs signed by an internal CA for example; as far as end user devices are concerned, the root of trust is that CA, which is presumably configured and managed by your IT staff. (Or sysadmins or whatever the role happens to be at your company.)
It’s of course possible to limit administrators’ access to certain systems, but ultimately the mechanisms to do so are themselves probably set up by your IT administrators in the first place, so in that sense they’re still the root of trust.
It’s of course possible to limit administrators’ access to certain systems, but ultimately the mechanisms to do so are themselves probably set up by your IT administrators in the first place, so in that sense they’re still the root of trust.