We enable over 4,000 organizations across Europe to deliver exceptional business services, with a central focus on earning and maintaining your trust.
Architecture
Security is front of mind when designing our applications and business processes. The Verified’s Cloud security architecture is designed with consideration of a broad range of industry standards and frameworks and in tandem with our internal threat modeling process. It is designed to balance the need for flexibility with the need for effective controls to ensure confidentiality, integrity, and availability of our customers' data.
Applications
Development security, data security & information lifecycle management.
Security
Encryption, threat and vulnerability management, security incident management.
Infrastructure
Asset management, access control, operations, communications security.
Data Center & Offices
Verified is using the industry leading cloud provider AWS which has relevant physical security controls in place, validated by external assessments such as SOC 1/ISAE 3402, SOC 2, SOC 3. Physical and environmental security.
Corporate
Security governance, organization of security, personnel security, supplier & third-party data management, mobile security, business continuity, audit/compliance, data privacy.
Network
We practice a layered approach to network access, with controls at each layer of the stack.
We control access to our sensitive networks through the use of virtual private cloud (VPC) routing, firewall rules, and software defined networking. All connectivity is encrypted by default.
Staff connectivity requires device certificates, multi-factor authentication, and use of proxies for sensitive network access. Access to customer data requires explicit review and approval.
We have also implemented intrusion detection and prevention systems in both our office and production networks to identify potential security issues.
The Verified Platform
Threat modeling is used to ensure that we are designing in the right controls for the threats we face.
During the product planning and design phase, we use threat modeling to understand the specific security risks associated with a product or feature. Generally speaking, threat modeling is a brainstorm session between engineers, security engineers, architects, and product managers of an application or service. Threats are identified and prioritized, and that information feeds controls into the design process and supports targeted review and testing in later phases of development.
We use the STRIDE Threat Model framework. STRIDE is an acronym for a common set of security concerns: Spoofing, Tampering, Reputation, Information Disclosure, Denial of Service, and Elevation of Privilege. We utilize threat modeling early in the design process and often can ensure that relevant security configuration and controls are designed to mitigate threats specific to each product or feature we develop.
Amazon
Description and relevant certification
Hosting of our platform for our operational services storage ISO/IEC 27001:2013, SOCI-III, PCI DSS and more.
Company ID and address
Org no: 516411-0669, Kungsgatan 49, 111 22 Stockholm, Sverige
Processing customers data
Processing customers data
Region
EU
Bronnoysundregistrene
Description and relevant certification
Lookup services
Company ID and address
974 760 673, Brønnøysundregistera, Postboks 900, 8910 Brønnøysund
Processing customers data
Yes
Region
EU
Code 11
Description and relevant certification
Operational, monitor and support services. ID: 926 534 173
Company ID and address
@MESH: Tordenskioldsgate 2, 0160 Oslo, Norway
Processing customers data
If customer uses the service
Region
EU
Datadog
Description and relevant certification
Use logdata for Observability, monitoring and security purposes. Read more: https://trust.datadoghq.com/.
Company ID and address
Datadog, Inc. 620 8th Ave 45th Floor, New York, NY 10018 USA https://trust.datadoghq.com/
Processing customers data
Yes
Region
EU
Dun & Bradstreet (former Bisnode)
Description and relevant certification
Lookup services
Company ID and address
Org no: 556341-5685, Rosenborgsgatan 4-6, Solna, Sweden
Processing customers data
Yes, from Dec 27, 2023
Region
EU
EID Easy OÜ
Description and relevant certification
Signing, authentication
Company ID and address
14080014, Telliskivi tn 60/1, Tallinn, Estonia, 10412
Processing customers data
If customer uses the service
Region
EU
Finansiell ID-Teknik BID AB
Description and relevant certification
Signing, authentication, lookup services with BankID SE
Company ID and address
556630-4928, Södra Kungstornet; Kungsgatan 33; 111 56 Stockholm
Processing customers data
If customer uses the service
Region
EU
Google Ireland Limited
Description and relevant certification
Storage of files that enables the customer to maintain the text and its translations to different languages that are used if the service “smart forms” is used.
Company ID and address
ISO/IEC 27001:2013, SOC 2, CSA STAR and more: https://cloud.google.com/security IEno 6388047V, Gordon House, Barrow Street, Dublin 4
Processing customers data
If customer uses the service
Region
EU if customer select to use the service
MongoDB Limited
Description and relevant certification
Storage of process data generated and could be used during usage of some of our services as custom flows and AML.
Company ID and address
ISO/IEC 27001:2013, SOC 2, PCI DSS and more: Number One Ballsbridge, Ballsbridge, Dublin 4, Ireland
Processing customers data
Region
EU if customer select to use the service
Nets AS
Description and relevant certification
Signing, authentication, payments, lookup services
Company ID and address
556630-4928, Södra Kungstornet; Kungsgatan 33; 111 56 Stockholm
Processing customers data
No, only hosting service. Will be replaced with AWS
Region
EU
Plisec AB
Description and relevant certification
Lookup services supporting AML and KYC compliance
Company ID and address
559161-4275, Dansbanevägen, 16, 126 31 Hägersten, Sweden
Processing customers data
If customer uses the service
Region
EU
Tagd AB
Description and relevant certification
Operational services for contract management.
Company ID and address
559364-3058
Skogsfrugränd 1, 16762 Bromma, Sweden
Processing customers data
If customer select to use the service.
Region
EU
Trapets AB
Description and relevant certification
Signing, authentication, payments, lookup services
Company ID and address
Org no: 556586-4773, Kungsgatan 56, 111 22 Stockholm, Sweden
Processing customers data
If customer select to use the service
Region
EU
Vipps AS
Description and relevant certification
Signing, authentication, payments, lookup services
Company ID and address
918 713 867, Postboks 9236 Grønland, 0134 Oslo
Processing customers data
If customer uses the service
Region
EU
Zendesk, Inc.
Description and relevant certification
Tool for our customer support services and ticket application. Contains information provided by the customer and support staff about the service. ISO 27001:18, AICPA, SOCII etc. See: https://www.zendesk.com/product/zendesk-security/
Company ID and address
EIN no: 26-4411091, SEC CIK #0001463172, 989 Market St, San Francisco, CA 94103
Processing customers data
If customer uses the service
Region
EU
Basic electronic - Level 2
Character
Quick and easy
Use cases (local regulations regarding the legal validity and the availability of level 4 signatures apply)
- Customer on-boarding
- Signing when receiving a parcel
Type
Touch ID, Email, SMS OTP
Advanced electronic - Level 3
Character
- Linked to signer
- Increased legally binding proof
- More trustworthy than basic electronic signature
Use cases (local regulations regarding the legal validity and the availability of level 4 signatures apply)
- Loan application
- Employment contracts
- Insurance documents
- Documents from public authorities
Type
SMS OTP, Mail OTP, BankID Sweden, BankID Norway, FTN, NemID
Qualified electronic - Level 4
Character
- Highest level of security
- Personal link to signer
- Digital equivalent of a written signature
- Legal obligation
Use cases (local regulations regarding the legal validity and the availability of level 4 signatures apply)
- Loan application
- Employment contracts
- Insurance documents
- Documents from public authorities
Type
BankID Norway
Standard
ISO 27001
Sponsor
International Organization for Standardisation
Status
Certified ISO 27001 is specification for an information security management system (ISMS), which is a framework for an organization's information risk management processes.
Standard
BankID
Sponsor
BankID
Status
Verified is a compliant partner and issuer of BankID in Norway and Sweden. Merchants get their certificates issued through Verified. Verified adheres to the current requirements of BankID to keep this status/position. BankID meets the banks’ own high standards for Internet banking security.
Book a demo with our experts
- See our solutions in action, customized to your business needs
- Get answers to your specific questions
- Discover how we can help solve your challenges
Thank you for your interest! Your request for a demo has been successfully submitted. Our team will reach out to you shortly to schedule a time that's convenient for you.
Oops! Something went wrong while submitting the form.