Verifiable maintains an Information Security Program to ensure the confidentiality, integrity, and availability of Information assets, while meeting the required legislative, industry, and contractual requirements.

Verifiable’s security policies, procedures, and standards are in accordance with the Trust Service Principles of the AICPA SOC2.

Furthermore, we perform an independent third-party audit of our compliance to the SOC2 standard annually.

Information Security Program

Verifiable maintains a robust Information security program which consists of policies, procedures, and controls to maintain the confidentiality, integrity and availability of information and information assets, Verifiable’s users, guests, employees, and business partners while meeting compliance  standards.


Verifiable policies, procedures, and standards are based on the SOC2 trust service principles and criteria.

In addition, we use an independent third-party body to audit our compliance to the SOC2 standard annually.

Access Control

Verifiable maintains access control policies and procedures to mitigate against unauthorized access to system resources, by ensuring access to system and resources are granted in accordance with the principle of least privilege, where access is restricted to the minimum level required to perform job functions. In addition to this, Verifiable performs access reviews for all systems and resources.

Secure Software Development

Verifiable’s  Software Development Life Cycle (SDLC) framework is based on industry standards such as the OWASP, which ensures that secure design practices are integrated directly into the design and development process of the Verifiable Platform.

Incident Management and Response

An extensive security monitoring and incident response program is in place to notify, investigate and remediate security events. Our Incident Response team verifies the scope and impact of any suspected incident and ensures timely remediation.

Disaster Recovery and Business Continuity

Verifiable maintains policies, procedures, and security controls to ensure the continuity of critical business functions in the event of a catastrophic event. This includes data center resiliency, data redundancy and disaster recovery procedures for the Verifiable Platform.

Data Classification & Management

At Verifiable, all assets have a data owner that is responsible for ensuring specific information assets are handled and managed appropriately.

Verifiable maintains policies and procedures for data classification and protection governing how different classes of data are handled.

Risk Management

Verifiable has a documented Risk Management Program that ensures risks to systems and resources are managed and assessed annually.

Vulnerability Reporting

In accordance with reasonable disclosure, we continue to respond to submitted security issues and encourage anyone to report bugs on our platform.

To submit a bug for review, please send an email to