Security

Reliable and secure technology you can trust.

At Jumio, we strive to ensure that information security and data protection is embedded into our internal processes and technology from the beginning of everything we do. We are able to achieve this through the effort of our people working together across our business. Our strong posture has been validated through external certifications that we achieved as a result of Jumio’s constant effort and focus on our information security and data protection programs.

Compliance

At Jumio, we respect the privacy rights of users and recognize the importance of protecting the information of our customers. Jumio is committed to protecting the privacy and security of users whose identities we verify and authenticate. Our Privacy Notices explain how personal information is collected, retained, used, disclosed and transferred by Jumio and the available choices you have with regard to your personal information.

Certifications

Our customers are increasingly interested in our level of compliance with security standards and frameworks. We are proud to have achieved ISO/IEC 27001:2013, PCI DSS and SOC2 Type 2 certifications, and our security is in a continuous process of improvement regardless of certifications that we hold or strive to achieve.

ISO/IEC 27001:2013

ISO/IEC 27001:2013 certification demonstrates that Jumio successfully operates a systematic approach to securing the data of our customers as well as our corporate information, and our commitment to continuous risk management.

We regularly review our security objectives, security risks and the performance of our controls, which helps us design new processes and improve the existing ones.

Our people, processes and technology are independently assessed as meeting the standards set forth by the International Organization for Standardization.

PCI DSS

PCI DSS Level 1 compliance demonstrates that Jumio has a robust PCI DSS compliant operating model. Our ongoing PCI DSS Level 1 compliance is validated on an annual basis by a skilled external audit team against the requirements of the standard.

We also believe that personal information is as important as credit card and payment data, and this is why we treat it with the same care and apply the same security safeguards to all data of our customers.

SOC2 Type 2

The Jumio KYX Platform is SOC2 Type 2 certified against organizational controls in the following trust principles:

  • Security
  • Confidentiality
  • Availability

The SOC2 Type 2 certification and report provide a validation of security controls in operation across Jumio’s people, processes and technology. This accreditation demonstrates Jumio’s commitment to securely handling customer data and the effectiveness of the organizational security controls that secure Jumio’s KYX Platform.