World-First Security Certification Package
We have been certified through a unique combination of security certificates for our NFC-based identity verification technology ReadID by TÜV Austria.
Both customers of Inverid and users of ReadID technology trust us with very privacy-sensitive information. Inverid has the responsibility to not only be secure but also to show that we are secure. We do this via certifications, granted by independent auditors. Customers can rely on these certifications, saving costs and overhead associated with doing their own due diligence and audits on our information security.
ISO27701 certified
ISO27001 certified
eIDAS module certifications
SOC2 type 2
Cyber Essentials Plus
WCAG 2.1 AA
Clemens Wanko of TÜV Austria explains the value of certification.
We have been ISO/IEC 27001 certified since 2018; this can be considered a baseline or ‘hygiene’ information security certification. For Inverid, having more than ISO/IEC 27001 is a differentiator: it gives our products a competitive edge and assures our customers that we see the security of their information as a top priority for our business.
Inverid’s ISO/IEC 27001 certification certifies that we have an appropriate Information Security Management System (ISMS) in place. That means that we:
Systematically examine the organisation's information security risks, taking into account the threats, vulnerabilities, and impacts;
Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
Adopt an overarching management process to ensure that the information security controls continue to meet the organisation's information security needs on an ongoing basis.
Whereas the ISO/IEC 27001 certificate provides baseline security for our ReadID customers, our ISO/IEC 27701 certificate brings it to the next level by adding data privacy-specific extensions to it. ISO/IEC 27701 is relatively new and much less common than ISO 27001. ISO/IEC 27701 differentiates ReadID and underlines our continuous efforts to ensure the privacy of the data we handle.
Privacy is a key aspect of our product ReadID, as our solutions have access to millions of identity documents. We take our responsibility for the privacy of the holders of these documents very seriously.
Inverid’s ISO/IEC 27701 certification demonstrates that we have established and implemented an effective Privacy Information Management System extending our ISO/IEC 27001 Information Security Management System. This means that we have all the required security and privacy controls in place to securely process personal data as a controller as well as a processor.
eIDAS 910/2014 is an EU regulation that establishes trust in electronic transactions between individuals, organisations and government entities across the European Member States. Its two cornerstones are electronic identification and digital signatures. The module certification is about the latter: it specifies rules for trust services to simplify and standardise digital signatures across Europe.
Inverid provides identity data and document verification services for qualified trust service providers operating under the eIDAS regulation. ‘Qualified’ is the highest trust level: a digital signature at a qualified level is legally equivalent to a wet signature. For these services, Inverid has been certified as being compliant with applicable eIDAS requirements as well as the relevant ETSI EN 319 401 and ETSI EN 319 411-1/2 standards for qualified trust service providers issuing qualified certificates.
The eIDAS 910/2014 regulation establishes trust in electronic transactions between individuals, organisations and government entities across European Member States, at levels Low, Substantial and High.
Next to digital signatures, it specifies rules for electronic identification to simplify and standardise electronic identities (eIDs), i.e., authentication solutions, across Europe. Inverid’s ReadID provides identity data and document verification services for electronic identity providers that issue eIDs under eIDAS at level High.
Compared to Know Your Customer (KYC) and authentication practices in the financial sector that are typically on an eIDAS Substantial level, ReadID is therefore audited to be trusted at the highest level possible.
Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is widely recognized as a gold standard for data security and requires companies to establish and follow strict information security policies and procedures.
This means that Inverid’s security system and controls adhere to applicable trust services criteria that customers demand for regulatory compliance and governance requirements. Customers requiring this same level of compliance from their technology vendors can put their confidence in Inverid.
Customers can use the SOC2 type 2 report to validate that Inverid has significant processes and security measures in place to protect user data and privacy.
Cyber Essentials Plus helps guard against the most common cyber threats and demonstrates our commitment to cyber security. The Cyber Essentials Plus certificate of assurance complies with the requirements of the Cyber Essentials scheme, a UK government-backed scheme focussing on five important technical security controls complete with a hands-on technical evaluation.
Converting, scalable, easy-to-use, and secure NFC-First identity verification.