Security and Compliance
Last updated: 2 September 2021
SOC 2 Type II Security, Availability & Confidentiality Report
Our SOC 2 Type II Report is complete and available for customers and prospects. The Report includes management’s description of Onfido’s trust services and controls, as well as the independent auditor’s opinion from BDO Limited relating to Onfido’s system design and operating effectiveness.
A Type II report follows a more demanding testing approach than a Type I, as it verifies that our controls relating to information security, systems availability, and data confidentiality operated effectively to meet the Trust Services Criteria over a period of time.
Onfido’s Identity Verification services are audited at least annually against the SOC 2 framework by third-party auditors. SOC 2 is widely regarded as one of the most rigorous and respected security auditing standards.
ISO 27001 Certified since 2017
YesWeHack is engaged in an ongoing, private bug bounty program covering Onfido’s main services and web applications. Testers are selected from among the top-tier hackers on the YesWeHack platform and are provided with access to our testing environment as well as all the details needed for their activity. Security is a critical requirement for us and an integral part of our solution, and this program enhances our security posture by helping us quickly identify and fix critical vulnerabilities at scale.