Security & Compliance

Protecting digital identity with enterprise-grade security and comprehensive compliance.
Security and compliance form the foundation of everything we build at Vidos. As enterprises trust us with their identity verification infrastructure, we maintain rigorous standards for operational excellence, data protection, and regulatory compliance backed by internationally recognized certifications.

Our Certifications

ISO 9001:2015 - Quality Management

Our commitment to quality management ensures consistent, reliable service delivery across all our operations. This certification demonstrates our dedication to continuous improvement, customer satisfaction, and operational excellence.

ISO 27001:2022 - Information Security

We maintain robust information security management systems that protect your data and our infrastructure. This certification validates our comprehensive approach to identifying, managing, and mitigating security risks.

UK Cyber Essentials

We hold UK Cyber Essentials certification, demonstrating our protection against the most common cyber threats. This government-backed scheme is essential for organizations working with UK government contracts and shows our commitment to fundamental cyber security controls. The certification validates that we have the technical controls in place to protect against the majority of common cyber attacks.

Data Protection & Privacy

GDPR Compliance

We are fully compliant with the General Data Protection Regulation (GDPR), ensuring:
  • Data Minimization: We only process data necessary for verification purposes
  • Purpose Limitation: Data is used solely for its intended identity verification purpose
  • Privacy by Design: Privacy protection is built into our architecture from the ground up
  • User Rights: Support for data portability, erasure, and access requests

Data Residency

  • Infrastructure hosted on AWS (EU Ireland region)
  • International data transfers protected by appropriate safeguards (SCCs/IDTA)
  • Configurable regional deployment options for enterprise customers

Encryption Standards

  • Data Protection: Industry-standard encryption protocols for data at rest and in transit
  • Secure Communications: Modern TLS encryption for all API communications
  • Cryptographic Integrity: Robust cryptographic operations for credential verification
  • Key Management: Secure key storage and management practices

Infrastructure Security

Architecture

Our platform is built on a zero-trust security model with:
  • Network Isolation: Segmented networks with strict access controls
  • API Security: Rate limiting, authentication, and authorization at every endpoint
  • DDoS Protection: Enterprise-grade protection against distributed attacks
  • WAF Protection: Web application firewall protecting against common vulnerabilities

Operational Security

  • Security Monitoring: Comprehensive monitoring and threat detection
  • Incident Response: Defined incident response procedures with rapid escalation
  • Vulnerability Management: Regular security assessments and penetration testing
  • Patch Management: Systematic approach to security updates and patches

Access Controls

  • Role-Based Access Control (RBAC): Granular permission management
  • Multi-Factor Authentication (MFA): Required for all administrative access
  • Audit Logging: Comprehensive logging of all system access and changes
  • Principle of Least Privilege: Minimal access rights for all users and systems

Compliance Framework

Regulatory Alignment

We maintain compliance with the key regulations affecting digital identity:

eIDAS 2.0 Ready

  • Support for European Digital Identity Wallet requirements
  • Qualified electronic signature compatibility
  • Cross-border interoperability standards

UK Government Requirements

  • Cyber Essentials Certified: Meeting UK government requirements for handling sensitive data
  • Supply Chain Security: Recognized by UK banks and enterprises for supply chain assurance
  • Public Sector Ready: Qualified to bid for UK government contracts involving financial or personal data

Industry Standards

  • W3C Standards: Full compliance with Verifiable Credentials and DID specifications
  • OpenID Standards: Support for OpenID4VC and OpenID4VP protocols
  • ISO/IEC 18013-5 & 18013-7: Compatible with mobile driving license standards

Trust & Assurance

Third-Party Audits

  • Annual ISO certification audits
  • UK Cyber Essentials assessment and certification
  • Regular penetration testing by independent security firms
  • Compliance assessments for regulatory requirements

Service Level Agreements

  • 99.95% Uptime SLA: Guaranteed availability for enterprise customers
  • Response Time Guarantees: Defined SLAs for verification operations
  • Support SLAs: Priority support with guaranteed response times

Business Continuity

  • Disaster Recovery: Comprehensive planning and preparedness
  • Data Backup: Automated, encrypted backup procedures
  • Redundancy: Built-in redundancy and failover capabilities
  • Service Continuity: Designed for high availability and rapid recovery

Security Engineering

  • Secure Development Practices: Security-first approach throughout our development lifecycle
  • API Protection: Multi-layered authentication, rate limiting, and validation controls
  • Continuous Security Monitoring: Regular security assessments and dependency updates
  • Defense in Depth: Multiple security layers to protect against various threat vectors

Data Governance

Data Handling

  • Data Classification: Clear classification of data sensitivity levels
  • Retention Policies: Defined retention periods aligned with regulations
  • Data Deletion: Secure deletion procedures for end-of-life data
  • Data Portability: Support for data export in standard formats

Transparency

  • Privacy Policy: Clear, accessible privacy policy
  • Data Processing Agreements: Comprehensive DPAs for enterprise customers
  • Breach Notification: Commitment to timely breach notification as required by law
  • Documentation: Security and compliance documentation available through our Trust Centre

Continuous Improvement

We maintain a culture of continuous security improvement through:
  • Regular security training for all staff
  • Participation in security research communities
  • Proactive threat intelligence monitoring
  • Regular review and update of security policies

Build on a Foundation of Trust

Our security and compliance framework ensures your digital identity infrastructure meets the highest standards. From financial services to government applications, Vidos provides the security assurance and regulatory alignment your organization requires.

For detailed security documentation and compliance attestations, visit our Trust Centre →
To discuss your specific requirements, contact our security team →