We are glad to announce that Veriff has been awarded certification against the ISO/IEC 27001:2013 standard, an internationally recognized information security standard published by the International Organization for Standardization (ISO).
The scope of Veriff’s information security management system (ISMS) comprises the operations supporting the Veriff IDV offering. The scope includes the Legal & Compliance, InfoSec, Engineering, Product, Human Resources, Facilities, and Verification Operations teams. The certification also extends to the additional controls defined within the ISO/IEC 27017:2015 (security for cloud services) and ISO/IEC 27018:2019 (protection of personally identifiable information (PII) in cloud services) standards.
In order to achieve the certification, Veriff’s conformity against standard requirements was assessed by an independent certification body, Coalfire Certification. As part of the process, Veriff had to demonstrate a continuous and systematic approach to managing and protecting both company and customer data.
"Veriff is committed to continuing to build trust, so it is especially crucial for people to be able to trust an identity verification company like ourselves with their data. Having an independent third party confirm our security management processes’ compliance is a sign of a company’s maturity and gives our existing customers more confidence in our ability to safeguard both their and our data," said Kaur Virunurm, Chief Information Security Officer at Veriff.
ISO 27001 is one of the most widely recognized and globally accepted information security standards. It identifies requirements for a comprehensive Information Security Management System (ISMS) and defines how organizations should manage and handle information in a secure manner, including implementing appropriate security controls to mitigate risks.
Veriff is also compliant with CCPA, GDPR, SOC 2 Type 2, and WCAG Accessibility Guidelines.
About Coalfire Certification
Coalfire Certification is an accredited certification body per both the ANSI National Accreditation Board (ANAB) and the United Kingdom Accreditation Service (UKAS), no. 9224. The certification body administers management system audits for service organizations within the cloud and technology, healthcare, and financial sectors.