We are an ISO27001 certified company

The protection of our clients’ data is Didomi's highest priority. This page outlines our approach to security and confidentiality.

Compliance

Didomi continuously invests in information security and privacy protection. Didomi has attained the compliance certification for ISO/IEC 27001:2013, the internationally-recognized standard that defined Didomi’s information security management system (ISMS), as well as best practices and comprehensive security controls. Organizations that meet the ISO standard must be certified by an independent and accredited certification body after the successful completion of a formal audit.

Information Security Management System

Creating an Information Security Management System (ISMS) is a critical part of the ISO 27001 process. As such, Didomi has adopted and implemented an Information Security Management System which includes but is not limited to:

- Full Suite of Information Security Policies
- Annual Policy Review
- Annual Internal Audits
- Regular Access Audits
- Vendor Security Management

The Didomi ISMS provides guidance, standards, and practices by which Didomi, its employees, and third parties can adhere to industry best practices in information security.

Layers of defense

Didomi’s infrastructure is protected by numerous layers of defense, known in the information security industry as a “Defense-in-Depth” strategy. Our security architecture includes:

- Distributed Denial-of-Service (DDoS) mitigation
- Encryption of data in transit and at rest
- Intrusion Detection and Prevention Systems
- Routine annual penetration tests by third-party security firms
- Security Patch Management
- Vulnerability Scanning

We pay special attention to the OWASP Top 10 and have tailored our development processes to identify and mitigate these issues. Didomi also uses state-of-the-art technology combined with a full suite of information security policies to ensure our corporate environment is protected.

Backups and redundancy

Didomi’s infrastructure is engineered for redundancy and round-the-clock availability. We also conduct point-in-time encrypted backups of data stored at Didomi.

Our infrastructure is distributed between several datacenters with active-active load balancing at each level (CDN and in the datacenters). We replicate all of our data and servers in at least two physically separated data centers.

People

Didomi believes that its employees are the cornerstone of any successful Information Security Program. As such, Didomi has implemented strong personnel security practices including but not limited to:

- Background Checks
- Information Security Training Upon Hire
- Annually Updated Information Security Training

Reporting security incidents

If you suspect a security issue, or that any account in your organization's Didomi account may have been compromised, please contact Didomi at security@didomi.io.

If you are a security researcher who has potentially discovered a security weakness or vulnerability in Didomi’s systems, please send an email to security@didomi.io with information, and we will provide information on secure responsible disclosure.