Security and Compliance

Last updated: 2 September 2021

At Onfido, security and compliance are essential to our mission of creating a more open world, where identity is the key to access. This means providing identity verification checks and handling data in the most robust and secure manner possible for our clients.

From financial services firms to marketplaces and community giants, we are trusted by thousands of companies across the world, including some of the world’s leading organisations.

Revolut, Remitly, Orange, Couchsurfing, Bitstamp, Bunq

SOC 2 Type II Compliant & ISO 27001 Certified

Onfido is proud to announce that we are now both SOC 2 Type II compliant and ISO 27001 certified. Onfido has been ISO 27001 certified since 2017, and the receipt of our SOC 2 Type II report verifies that our controls relating to information security, systems availability, and data confidentiality meet the American Institute of Certified Public Accountants’ (AICPA) industry standards.

SOC 2 Type II Security, Availability & Confidentiality Report

Our SOC 2 Type II Report is complete and available for customers and prospects. The Report includes management’s description of Onfido’s trust services and controls, as well as the independent auditor’s opinion from BDO Limited relating to Onfido’s system design and operating effectiveness.

A Type II report follows a more demanding testing approach than a Type I, as it verifies that our controls relating to information security, systems availability, and data confidentiality operated effectively to meet the Trust Services Criteria over a period of time.

Onfido’s Identity Verification services are audited at least annually against the SOC 2 framework by third-party auditors. SOC 2 is widely regarded as one of the most rigorous and respected security auditing standards.


ISO 27001 Certified since 2017

This certification demonstrates that Onfido has successfully implemented a systematic and documented approach to securing clients’ and corporate information.
 
Onfido’s people, processes and technology were independently assessed and deemed to meet the standards set forth by the International Organization for Standardization for information security management systems (ISMS).

Privacy

Onfido is committed to protecting the privacy and security of identities which we verify or carry out checks on. Please refer to the Onfido Privacy Policy for more information about the data we collect and how we use it.


Bug Bounty Program

YesWeHack is engaged in an ongoing, private bug bounty program covering Onfido’s main services and web applications. Testers are selected from among the top-tier hackers on the YesWeHack platform and are provided with access to our testing environment as well as all the details needed for their activity. Security is a critical requirement for us and an integral part of our solution, and this program enhances our security posture by helping us quickly identify and fix critical vulnerabilities at scale.