ISO 27001
ISO 27001 is a comprehensive framework for information security management systems (ISMS), designed to ensure the secure handling of information in organizations. For Ver.iD, ISO 27001 takes on a crucial role as it provides a structured approach to managing sensitive data, ensuring that it is protected against unauthorized access, disclosure, and other security threats. Adhering to ISO 27001 standards allows us to demonstrate our commitment to the highest levels of data security and trust, an essential factor in fostering user confidence in new decentralized identity technologies.
Roadmap
| Phase | Date | Description |
|---|---|---|
| Assessment Phase | December 2022 | Determine the need for the ISO 27001 compliance project and secure necessary approvals. |
| Planning Phase | January 2023 | Develop a comprehensive project plan outlining tasks, timelines, resources, and budgets. |
| Discovery Phase | Feburary 2023 | Review of existing security measures and identification of areas for enhancement to meet ISO 27001 standards. |
| Start of Implementation | March 2023 | Implementation of updated security policies, procedures, and controls to address identified gaps. |
| External Gap Analysis | May 2023 | A gap analysis by PwC to ensure readiness for the final audit, addressing any remaining gaps in our ISMS. |
| Final Audit | February 2024 | A comprehensive audit by PwC to verify full compliance with ISO 27001, resulting in certification. |
| Certification | February 2024 | Delivery of the ISO 27001 certificate issued by PricewaterhouseCoopers Certification B.V. . |
| Surveillance Audit | Q4 2024 | A intermediary audit by BSI on a subset of processes and procedures to verify compliance with ISO 27001, resulting in re-certification. |
| Re-certification | March 2025 | Delivery of the ISO 27001 certificate issued by BSI Group The Netherlands B.V. . |
Status
Ver.iD obtained the ISO 27001 certificate in February 2024 from PricewaterhouseCoopers Certification B.V. In 2024, we will continue to build upon this achievement through surveillance audits conducted by our internal auditor and, eventually, by BSI. These ongoing audits ensure that our information security management system remains robust and aligned with ISO 27001 standards, demonstrating our commitment to maintaining the highest levels of data security and trust.
We've migrated from PwC to BSI as auditor due to changes within the auditing structure of PwC.
Certificate
Issuer
| Attribute | Details |
|---|---|
| Issuer | BSI Group The Netherlands B.V. |
| Certificate Number | ISC 589 |
| Effective Date | 2024-11-13 |
| Expiry Date | 2027-02-25 |
| Accreditation Autority | https://www.rva.nl/ |
| Issuer website | https://www.bsigroup.com/nl-NL/ |
Download
For further inquiries or details concerning this certificate, we encourage you to reach out to our compliance team. They will be pleased to provide comprehensive information and address any queries you may have.
Statements of Applicability
The Statements of Applicability outlines the specific ISO 27001 controls that Ver.iD has implemented. This critical document forms the cornerstone of our ISMS, detailing how each applicable control has been addressed within our operations to safeguard sensitive information effectively. We do not have this document publically available, however depending on your needs we have it available on request.
Audit Fact Report
The Audit Fact report outlines the specific ISO 27001 audit details from BSI that conducted the audit. We do not have this document publically available, however depending on your needs we have it available on request.