Veriff obtains the latest ISO/IEC 27001 certification

By October 2025 all companies must adhere to the most recent ISO/IEC 27001:2022 standard. Previously ISO/IEC 27001:2013 certified companies are required to transition to the newer version of the standard within three years after the issuance of the 2022 version. 

Veriff decided to tackle this challenge ahead of time and started preparing for the transition audit already in 2023. The process of revisiting and updating all internal documentation, policies, and procedures, a preliminary requirement for the audit, helped to portray a compound picture of the company’s current security state before the audit.

We have a strong security mindset when we start using new processes. Such an approach assures our customers that their data is best protected with us.

Fanny Lamp Infosec Compliance Manager, Veriff

The latest ISO/IEC 27001:2022 standard focuses on being more streamlined and adaptable for modern information security challenges. It offers a more dynamic risk-based approach to information security management and gives guidance on where to place more emphasis for continuous improvement while addressing modern threats. 

For Veriff, the ISO/IEC 27001:2022 standard demonstrates the company’s continuous commitment to security and proves that implemented security measures exceed industry standard requirements.

By transitioning to the latest version of the standard, Veriff stays ahead of the curve as no other competitor has yet made the transition.

Fanny Lamp Infosec Compliance Manager, Veriff

ISO/IEC 27001 promotes a holistic approach to information security. An information security management system implemented according to this standard is a tool for risk management, cyber-resilience, and operational excellence.

ISO 27001 is relevant for organizations that handle or manage their customer’s data and is especially common among SaaS providers, data storage solutions, data processing and analytics tools, or other data-service platforms.