Onfido logo home page
Watch a demo
Get in touch
  • Intro
  • SOC 2 Type II Compliant & ISO 27001 Certified
  • SOC 2 Type II Security, Availability & Confidentiality Report
  • ISO 27001 Certified since 2017
  • Privacy
  • Yes We Hack

LAST UPDATED: 2 SEPTEMBER 2021

Security and Compliance

At Onfido security and compliance are essential to our mission of creating a more open world, where identity is the key to access. This means providing identity verification checks and handling data in the most robust and secure manner possible for our clients.

From financial services firms to marketplaces and community giants, we are trusted by thousands of companies across the world, including some of the world’s leading organisations.

Revolut Logo
Remitly, Inc.
Orange S.A.
couchsurfing logo
bitstamp logo
Logo Colors RGB 1

SOC 2 Type II Compliant & ISO 27001 Certified

Onfido is proud to announce that we are now both SOC 2 Type II compliant and ISO 27001 certified. Onfido has been ISO 27001 certified since 2017, and the receipt of our SOC 2 Type II report verifies that our controls relating to information security, systems availability, and data confidentiality meet the American Institute of Certified Public Accountants’ (AICPA) industry standards.

SOC 2 Type II Security, Availability & Confidentiality Report

soc 2

Our SOC2 Type II Report is complete and available for customers and prospects. The Report includes management’s description of Onfido’s trust services and controls, as well as the independent auditor’s opinion from BDO Limited relating to Onfido’s system design and operating effectiveness.

A Type II report follows a more demanding testing approach than a Type I, as it verifies that our controls relating to information security, systems availability, and data confidentiality operated effectively to meet the Trust Services Criteria over a period of time.

Onfido’s Identity Verification services are audited at least annually against the SOC 2 framework by third-party auditors. SOC 2 is widely regarded as one of the most rigorous and respected security auditing standards.

ISO 27001 Certified since 2017

bsiIsoIec

This certification demonstrates that Onfido has successfully implemented a systematic and documented approach to securing clients’ and corporate information.

Onfido’s people, processes and technology were independently assessed and deemed to meet the standards set forth by the International Organization for Standardization for information security management systems (ISMS).

Privacy

GDPR

Onfido is committed to protecting the privacy and security of identities which we verify or carry out checks on. Please refer to the Onfido Privacy Policy for more information about the data we collect and how we use it.

Yes We Hack

Yes We Hack

YesWeHack is engaged in an ongoing, private bug bounty program covering Onfido main services and web applications. Testers are selected among the top tier hackers on YesWeHack platform and are provided with access to our testing environment as well as all the details needed for their activity. Security is a critical requirement for us and an integral part of our solution, and this program enhance our security posture by helping us in quickly identifying and fixing critical vulnerabilities at scale.

Onfido

Our solutions

Onfido uses 256-bit SSL encryption 100% of the time on every device.

BSI ISO/IEC27001

Onfido has been certified by BSI to ISO 27001 under certificate number IS 660122.

© Onfido™, 2022. All rights reserved.
Company Registration Number: 07479524.