Compliance at Yoti and why it matters to you

profile picture Yoti 3 min read

Updated 29th November 2019 to reflect change of SOC 2 classification from SOC 2 Type 1 to SOC 2 Type II.


We do things differently to most tech companies. We’re proud of the fact that we always put compliance and our community first and we like to shout about it.

The way we handle security and compliance is key to protecting your data. If we didn’t get that right, how could we expect anyone to trust us? And without trust, why would anyone use our app?

So, with that in mind, here’s a run-through of the three main compliance accreditations we hold and why you should care. (Don’t worry, we know this stuff can be quite dry so we’ve kept it short).


ISO 27001

What is it?

It’s an international standard for information security management.

Quick fact: although ISO 27001 is now best practice for security around the world, it was originally published in 1995 right here in the UK.

What does it mean for you?

ISO 27001 is about protecting all kinds of data. Not just personal data. So that’s everything from how we monitor who enters our offices to how we pick any suppliers or partners we work with. It basically means we’ve been proven to take security seriously in all areas of the business.


SOC 2 Type II

What is it?

SOC2 (Service Organisation Controls) is all about companies being able to trust each other when providing and outsourcing services.

There are five different criteria that an organisation can be examined on: security (which we have), confidentiality, processing integrity, availability and privacy.

Our independent auditors examined the operation of our security controls over a continuous, six-month period and found no exceptions.


What does it mean for you?

SOC 2 is one of the most respected and rigorous auditing standards for security in the business world.

It’s considered the gold standard and is adhered to by governments, major banks and the biggest tech companies. And receiving a flawless report is almost unheard of. So when we say that security and privacy are our priority, you know we really mean it.


PAS 1296

What is it?

It’s a Publicly Available Specification (PAS) for Online Age Checking.

It sets out regulatory best practice for the sale of age restricted goods or access to age restricted services.

We have done a self assessment against PAS 1296 and had this reviewed by a third party.


What does it mean for you?

It’s all about trust. Trust that an age check performed using Yoti is reliable. For example, if you’re a parent whose child uses Yoti for proof of age accessing child-only forums or online games, you can be confident that environment is only accessed by others their age.