At Jumio, we strive to ensure that information security and data protection is embedded into our internal processes and technology from the beginning of everything we do. We are able to achieve this through the effort of our people working together across our business. Our strong posture has been validated through external certifications that we achieved as a result of Jumio’s constant effort and focus on our information security and data protection programs.
Jumio operates in multiple jurisdictions, and compliance with local laws and regulations is paramount for us to lead a successful business. Our legal team has identified the legal requirements and regulations that are applicable to our operations, and we have implemented controls that help to achieve the required level of compliance.
Our customers are increasingly interested in our level of compliance with security standards and frameworks. We are proud to have achieved ISO/IEC 27001:2013, PCI DSS and SOC2 Type 2 certifications, and our security is in a continuous process of improvement regardless of certifications that we hold or strive to achieve.
ISO/IEC 27001:2013 certification demonstrates that Jumio successfully operates a systematic approach to securing the data of our customers as well as our corporate information, and our commitment to continuous risk management.
We regularly review our security objectives, security risks and the performance of our controls, which helps us design new processes and improve the existing ones.
Our people, processes and technology are independently assessed as meeting the standards set forth by the International Organization for Standardization.
PCI DSS Level 1 compliance demonstrates that Jumio has a robust PCI DSS compliant operating model. Our ongoing PCI DSS Level 1 compliance is validated on an annual basis by a skilled external audit team against the requirements of the standard.
We also believe that personal information is as important as credit card and payment data, and this is why we treat it with the same care and apply the same security safeguards to all data of our customers.
SOC2 Type 2
Jumio Transaction Monitoring system has obtained SOC2 Type 2 certification, which demonstrates the ongoing performance of the system’s controls.
Jumio was able to achieve the SOC2 certification for the Jumio Transaction Monitoring system due to the information security model that we have designed and implemented across the entire organization as well as our long history of the ongoing compliance with other standards and regulations, such as PCI DSS and ISO27001. Achieving this milestone gives us confidence that our engineering practices can undergo the same attestation for all Jumio products in due time, since all our security and engineering practices follow the same information security model and governance.