Security and Compliance

Our SOC2 Type II Report is complete and available for customers and prospects. The Report includes management’s description of Onfido’s trust services and controls, as well as the independent auditor’s opinion from BDO Limited relating to Onfido’s system design and operating effectiveness.

A Type II report follows a more demanding testing approach than a Type I, as it verifies that our controls relating to information security, systems availability, and data confidentiality operated effectively to meet the Trust Services Criteria over a period of time.

Onfido’s Identity Verification services are audited at least annually against the SOC 2 framework by third-party auditors. SOC 2 is widely regarded as one of the most rigorous and respected security auditing standards.

This certification demonstrates that Onfido has successfully implemented a systematic and documented approach to securing clients’ and corporate information.

Onfido’s people, processes and technology were independently assessed and deemed to meet the standards set forth by the International Organization for Standardization for information security management systems (ISMS).

Onfido is committed to protecting the privacy and security of identities which we verify or carry out checks on. Please refer to the Onfido Privacy Policy for more information about the data we collect and how we use it.

Bugcrowd is engaged in an ongoing, private bug bounty program covering Onfido main services and web applications. Testers are selected among the top tier hackers on Bugcrowd platform and are provided with access to our testing environment as well as all the details needed for their activity. Security is a critical requirement for us and an integral part of our solution, and this program enhance our security posture by helping us in quickly identifying and fixing critical vulnerabilities at scale.