ISO 27001
ISO 27001 is a comprehensive framework for information security management systems (ISMS), designed to ensure the secure handling of information in organizations. For Ver.iD, ISO 27001 takes on a crucial role as it provides a structured approach to managing sensitive data, ensuring that it is protected against unauthorized access, disclosure, and other security threats. Adhering to ISO 27001 standards allows us to demonstrate our commitment to the highest levels of data security and trust, an essential factor in fostering user's trust within the digital identity ecosystem.
Roadmap
| Phase | Date | Description |
|---|---|---|
| Assessment Phase | December 2022 | Determine the need for the ISO 27001 compliance project and secure necessary approvals. |
| Planning Phase | January 2023 | Develop a comprehensive project plan outlining tasks, timelines, resources, and budgets. |
| Discovery Phase | Feburary 2023 | Review of existing security measures and identification of areas for enhancement to meet ISO 27001 standards. |
| Start of Implementation | March 2023 | Implementation of updated security policies, procedures, and controls to address identified gaps. |
| External Gap Analysis | April 2023 | A gap analysis by PwC to ensure readiness for the final audit, addressing any remaining gaps in our ISMS. |
| External Audit (1st year) | February 2024 | An external audit of the ISO 27001 by PricewaterhouseCoopers Certification B.V. |
| Certification | February 2024 | Delivery of the ISO 27001 certificate issued by PricewaterhouseCoopers Certification B.V. . |
| Surveillance Audit (2nd year) | February 2025 | An external audit of the ISO 27001 by BSI Group The Netherlands B.V. . |
| Certification | March 2025 | Delivery of the ISO 27001 certificate issued by BSI Group The Netherlands B.V. . |
| Surveillance Audit (3rd year) | Q1 2026 | An external audit of the ISO 27001 by BSI Group The Netherlands B.V. . |
Status
Ver.iD obtained the ISO 27001 certificate in February 2024 from PricewaterhouseCoopers Certification B.V. In 2024, we will continue to build upon this achievement through surveillance audits conducted by our internal auditor and, eventually, by BSI. These ongoing audits ensure that our information security management system remains robust and aligned with ISO 27001 standards, demonstrating our commitment to maintaining the highest levels of data security and trust. By adhering to this standard, we give our partners and clients confidence that security is embedded into the core of everything we do.
We have migrated from PwC to BSI as auditor due to changes within the auditing structure of PwC as of 2025.
Certificate
Issuer
| Attribute | Details |
|---|---|
| Issuer | BSI Group The Netherlands B.V. |
| Certificate Number | ISC 589 |
| Effective Date | 2024-11-13 |
| Expiry Date | 2027-02-25 |
| Accreditation Autority | https://www.rva.nl/ |
| Issuer website | https://www.bsigroup.com/nl-NL/ |
Download
[!NOTE] You can download our current ISO 27001 certificate using the button below.
For further inquiries or details concerning this certificate, we encourage you to reach out to our compliance team. They will be pleased to provide comprehensive information and address any queries you may have.
Statements of Applicability
The Statements of Applicability (SoA) outlines the specific ISO 27001 controls that Ver.iD has implemented. This critical document forms the cornerstone of our ISMS, detailing how each applicable control has been addressed within our operations to safeguard sensitive information effectively. We do not have this document publically available, however depending on your needs we have it available on request.
Audit Fact Report
The Audit Fact report outlines the specific ISO 27001 audit details from BSI that conducted the audit. We do not have this document publically available, however depending on your needs we have it available on request.