Veriff handles an immense amount of personal data every day, and it's no surprise that we treat the security of that data with incredible care. This is why we have the best possible in-house compliance systems in place, and here, we'll tell you all about them.
Nino Gabrielashvili, January 6th, 2021
ShareLove this blog? Why not share it with the world?
The immense value of online services, including online verification, was highlighted during the COVID-19 pandemic. However, the risks associated with these online services must not be taken lightly. In the course of verifying someone’s identity online, companies unveil a range of personal identifiable information (PII) that requires special attention and appropriate protection. That’s why it’s crucial that proper compliance mechanisms are established.
In this article, I’ll outline the mechanisms in place which show that Veriff goes the extra mile to ensure its compliance systems are the strongest around.
SOC as an abbreviation stands for Systems and Organization Controls. SOC 2 is an auditing procedure performed by an external auditor that ensures that service providers securely manage both their data and the privacy of their end-users. It’s worth mentioning that following SOC 2 is not obligatory. However, many SaaS service providers want to prove that they are properly protecting data and information systems. It is also common practice for clients to request SOC 2 reports from potential partners. Therefore, for security-conscious businesses, SOC 2 compliance is a minimal requirement when considering using a SaaS provider.
Now, it’s important to make the distinction between the different types of SOC 2. SOC 2 Type 1 describes the systems of a company and determines whether it is capable of meeting relevant information security principles on a specified date. Veriff has passed this stage and it was confirmed that the existing controls are adequate for addressing security concerns.
SOC 2 Type 2, on the other hand, details the operational effectiveness of said systems throughout a disclosed period of time. Being compliant with it gives a higher level of assurance compared to SOC 2 Type 1. SOC 2 Type 2 certification approves that Veriff’s systems are designed to keep its clients’ sensitive data secure. When it comes to working with the identity verification service provider, such reliability is absolutely crucial. Currently, Veriff has already acquired SOC 2 Type 2 compliance certification.
As Veriff provides clients with identity verification services, processing personal data is one of the core functions of Veriff’s operation. The General Data Protection Regulation (GDPR) is considered to be creating the highest standards for personal data protection. But the GDPR does not stand alone, there are several other data protection laws around the world setting the standard for processing personal data.
In regards to Veriff’s GDPR compliance level, it’s worth mentioning that an external independent audit regarding GDPR compliance demonstrated a high level of data protection compliance at Veriff. Veriff is dedicated to ensuring we consistently offer the highest level of data protection by having the necessary measures in place. Veriff takes all physical, technical, and organisational measures possible to secure the personal data that is being processed. On top of that, our most important data protection value in Veriff is ‘’Ethical AI’’, meaning that Veriff develops unbiased, non-discriminatory artificial intelligence designed to comply with privacy and respect for human rights.
Veriff has a full time Data Protection Officer (DPO). This role is to help to comply with data protection principles and avoid the risks associated with processing personal data. Our DPO is tasked with monitoring compliance with the GDPR and our data protection policies, auditing, and providing advice whenever data protection questions arise. To ensure the highest level of data protection compliance in Veriff, our DPO provides tailored data protection training based on the specific needs of every division at Veriff. The advice on what to pay attention to in regards to being GDPR compliant can be read in our DPO’s blog on personal data protection.
WCAG stands for Web Content Accessibility Guidelines. These guidelines are developed through the W3C process in cooperation with individuals and organizations around the world. The goal is providing a single shared standard for web content accessibility, for people with disabilities, that meets the needs of individuals, organizations, and governments internationally.
WCAG 2.0 and WCAG 2.1 are technical standards. They consist of 12-13 guidelines. For each guideline, there are testable success criteria, which are at three levels: A, AA, and AAA. Veriff is compliant with WCAG version 2.0, level AA.
WCAG guidelines explain how to make web content more accessible to people with disabilities. On the other hand, meeting the requirements of WCAG shows that besides compliance, Veriff considers the inclusion of people with disabilities during our product development process. For further details, you can check Veriff’s blog on accessibility features.
Policies define the framework of actions and behavior that is needed in order to execute the tasks by employees lawfully, consistently and effectively. It also helps companies mitigate risks in a consistent and proactive manner before a crisis arises, or in the case of an incident, create mechanisms and procedures on how to tackle incidents and other (potentially) recurring situations.
At Veriff, our compliance function is responsible for ensuring that relevant policies are in place, acknowledged with employee signatures, and effectively executed.
In conclusion, Veriff has various systems in place that ensure the information security of our customers and end-users. Veriff always strives for the highest industry standards and is constantly working towards having the most advanced compliance mechanisms in our industry. If security is a top concern for you or your business when going digital, we hope you’ll consider choosing Veriff as your service provider. In case of any questions, don’t hesitate to contact us.