We enable over 4,000 organizations across Europe to deliver exceptional business services, with a central focus on earning and maintaining your trust.
Security is front of mind when designing our applications and business processes. The Verified’s Cloud security architecture is designed with consideration of a broad range of industry standards and frameworks and in tandem with our internal threat modeling process. It is designed to balance the need for flexibility with the need for effective controls to ensure confidentiality, integrity, and availability of our customers' data.
Development security, data security & information lifecycle management.
Encryption, threat and vulnerability management, security incident management.
Asset management, access control, operations, communications security.
Verified is using the industry leading cloud provider AWS which has relevant physical security controls in place, validated by external assessments such as SOC 1/ISAE 3402, SOC 2, SOC 3. Physical and environmental security.
Security governance, organization of security, personnel security, supplier & third-party data management, mobile security, business continuity, audit/compliance, data privacy.
We practice a layered approach to network access, with controls at each layer of the stack.
We control access to our sensitive networks through the use of virtual private cloud (VPC) routing, firewall rules, and software defined networking. All connectivity is encrypted by default.
Staff connectivity requires device certificates, multi-factor authentication, and use of proxies for sensitive network access. Access to customer data requires explicit review and approval.
We have also implemented intrusion detection and prevention systems in both our office and production networks to identify potential security issues.
Threat modeling is used to ensure that we are designing in the right controls for the threats we face.
During the product planning and design phase, we use threat modeling to understand the specific security risks associated with a product or feature. Generally speaking, threat modeling is a brainstorm session between engineers, security engineers, architects, and product managers of an application or service. Threats are identified and prioritized, and that information feeds controls into the design process and supports targeted review and testing in later phases of development.
We use the STRIDE Threat Model framework. STRIDE is an acronym for a common set of security concerns: Spoofing, Tampering, Reputation, Information Disclosure, Denial of Service, and Elevation of Privilege. We utilize threat modeling early in the design process and often can ensure that relevant security configuration and controls are designed to mitigate threats specific to each product or feature we develop.
Hosting of our platform for our operational services storage ISO/IEC 27001:2013, SOCI-III, PCI DSS and more.
Org no: 516411-0669, Kungsgatan 49, 111 22 Stockholm, Sverige
Processing customers data
EU
Lookup services
974 760 673, Brønnøysundregistera, Postboks 900, 8910 Brønnøysund
Yes
EU
Use logdata for Observability, monitoring and security purposes. Read more: https://trust.datadoghq.com/.
Datadog, Inc. 620 8th Ave 45th Floor, New York, NY 10018 USA https://trust.datadoghq.com/
Yes
EU
Lookup services
Org no: 556341-5685, Rosenborgsgatan 4-6, Solna, Sweden
Yes, from Dec 27, 2023
EU
Signing, authentication
14080014, Telliskivi tn 60/1, Tallinn, Estonia, 10412
If customer uses the service
EU
Signing, authentication, lookup services with BankID SE
556630-4928, Södra Kungstornet; Kungsgatan 33; 111 56 Stockholm
If customer uses the service
EU
Storage of files that enables the customer to maintain the text and its translations to different languages that are used if the service “smart forms” is used.
ISO/IEC 27001:2013, SOC 2, CSA STAR and more: https://cloud.google.com/security IEno 6388047V, Gordon House, Barrow Street, Dublin 4
If customer uses the service
EU if customer select to use the service
Storage of process data generated and could be used during usage of some of our services as custom flows and AML.
ISO/IEC 27001:2013, SOC 2, PCI DSS and more: Number One Ballsbridge, Ballsbridge, Dublin 4, Ireland
EU if customer select to use the service
Signing, authentication, payments, lookup services
556630-4928, Södra Kungstornet; Kungsgatan 33; 111 56 Stockholm
If customer uses the service.
EU
Lookup services supporting AML and KYC compliance
559161-4275, Dansbanevägen, 16, 126 31 Hägersten, Sweden
If customer uses the service
EU
Operational services for contract management.
559364-3058
Skogsfrugränd 1, 16762 Bromma, Sweden
If customer select to use the service.
EU
Signing, authentication, payments, lookup services
Org no: 556586-4773, Kungsgatan 56, 111 22 Stockholm, Sweden
If customer select to use the service
EU
Offer eID (MitID Erhverv in Denmark)
c/o Nets Denmark A/S
Klausdalsbrovej 601
2750 Ballerup
If customer select to use the service
EU
Signing, authentication, payments, lookup services
918 713 867, Postboks 9236 Grønland, 0134 Oslo
If customer uses the service
EU
Tool for our customer support services and ticket application. Contains information provided by the customer and support staff about the service. ISO 27001:18, AICPA, SOCII etc. See: https://www.zendesk.com/product/zendesk-security/
EIN no: 26-4411091, SEC CIK #0001463172, 989 Market St, San Francisco, CA 94103
If customer uses the service
EU
Quick and easy
Touch ID, Email, SMS OTP
SMS OTP, Mail OTP, BankID Sweden, BankID Norway, FTN, MitID
BankID Norway
ISO 27001
International Organization for Standardisation
Certified ISO 27001 is specification for an information security management system (ISMS), which is a framework for an organization's information risk management processes.
BankID
BankID
Verified is a compliant partner and issuer of BankID in Norway and Sweden. Merchants get their certificates issued through Verified. Verified adheres to the current requirements of BankID to keep this status/position. BankID meets the banks’ own high standards for Internet banking security.