The ISO/IEC 27001:2013 standard is an internationally recognized information security standard published by the International Organization for Standardisation (ISO). The scope of Veriff's information security management system (ISMS) comprises the operations supporting the Veriff IDV offering. The scope includes the Legal and Compliance, InfoSec, Engineering, Product, Human Resources, Facilities, and Verification Operations teams. The certification also extends to the additional controls defined within the ISO/IEC 27017:2015 (security for cloud services) and ISO/IEC 27018:2019 (protection of personally identifiable information (PII) in cloud services) standards.

In order to achieve the certification, Veriff's conformity against standard requirements was assessed by an independent certification body, Coalfire Certification. As part of the process, Veriff had to demonstrate a continuous and systematic approach to managing and protecting both company and customer data, the press release explained.

ISO 27001 identifies requirements for a comprehensive Information Security Management System (ISMS) and defines how organisations should manage and handle information in a secure manner, including implementing appropriate security controls to mitigate risks. Veriff is also compliant with CCPA, GDPR, SOC 2 Type 2, and WCAG Accessibility Guidelines.



