Verifiable maintains an Information Security Program to ensure the confidentiality, integrity, and availability of information assets while meeting applicable legislative, industry, and contractual requirements.
Verifiable’s security policies, procedures, and standards are in accordance with the Trust Service Principles of the AICPA SOC2.
Furthermore, an independent third party audits our compliance with the SOC2 standard annually.
Information Security Program
Verifiable maintains a robust Information Security Program consisting of policies, procedures, and controls that maintain the confidentiality, integrity, and availability of information and information assets for Verifiable’s users, guests, employees, and business partners, while meeting compliance standards.
Compliance
Verifiable policies, procedures, and standards are based on the SOC2 trust service principles and criteria.
In addition, we use an independent third-party body to audit our compliance with the SOC2 standard annually.
Access Control
Verifiable maintains access control policies and procedures to mitigate unauthorized access to system resources by ensuring that access to systems and resources is granted in accordance with the principle of least privilege, where access is restricted to the minimum level required to perform job functions. In addition, Verifiable performs access reviews for all systems and resources.
Secure Software Development
Verifiable’s Software Development Life Cycle (SDLC) framework is based on industry standards such as OWASP, which ensures that secure design practices are integrated directly into the design and development process of the Verifiable Platform.
Incident Management and Response
An extensive security monitoring and incident response program is in place to notify on, investigate, and remediate security events. Our Incident Response team verifies the scope and impact of any suspected incident and ensures timely remediation.
Disaster Recovery and Business Continuity
Verifiable maintains policies, procedures, and security controls to ensure the continuity of critical business functions should a catastrophic event occur. This includes data center resiliency, data redundancy, and disaster recovery procedures for the Verifiable Platform.
Data Classification & Management
At Verifiable, every asset has a data owner who is responsible for ensuring that the specific information assets are handled and managed appropriately.
Verifiable maintains policies and procedures for data classification and protection governing how different classes of data are handled.
Risk Management
Verifiable has a documented Risk Management Program that ensures risks to systems and resources are managed and assessed annually.
Vulnerability Reporting
In accordance with responsible disclosure practices, we continue to respond to submitted security issues and encourage anyone to report bugs in our platform.
To submit a bug for review, please send an email to security@verifiable.com.