Information Security

Reliable and secure technology you can trust.

At Jumio, we strive to ensure that information security and data protection is embedded into our internal processes and technology from the beginning of everything we do. We are able to achieve this through the effort of our people working together across our business. Our strong posture has been validated through external certifications which we achieved as a result of Jumio’s constant effort and focus on our information security and data protection programs.

Compliance

Jumio operates in multiple jurisdictions and compliance with local laws and regulations is paramount for us to lead a successful business. Our legal team has identified the legal requirements and regulations that are applicable to our operations and we have implemented controls that help to achieve the required level of compliance.

At Jumio, we respect the privacy rights of users and recognize the importance of protecting the information of our customers. Jumio is committed to protecting the privacy and security of digital identities which we verify and authenticate. Our privacy policy explains how information (including personal data as defined under GDPR) is collected, retained, used, disclosed and transferred by Jumio and the available choices you have with regard to your personal information.

Certifications

Our customers are increasingly interested in our level of compliance with security standards and frameworks. We are proud to have achieved certifications against PCI DSS and ISO/IEC 27001:2013 and our security is in a continuous process of improvement regardless of certifications that we hold or strive to achieve.

ISO/IEC 27001:2013

ISO/IEC 27001:2013 certification demonstrates that Jumio successfully operates a systematic approach to securing the data of our customers as well as our corporate information, and our commitment to continuous risk management.

We regularly review our security objectives, security risks and the performance of our controls which help us design new processes or to improve the existing ones.

Our people, processes and technology are independently assessed as meeting the standards set forth by the International Organization for Standardization.

ISO/IEC 27001:2013

PCI DSS

PCI DSS Level 1 compliance demonstrates that Jumio has a robust PCI DSS compliant operating model, which we have built over the years. Our ongoing PCI DSS Level 1 compliance is validated on an annual basis by a skilled external audit team against the requirements of the standard.

We also believe that personal information is as important as credit card and payment data considering its value and this is why we treat it with the same care and apply the same security safeguards to all data of our customers.