Prioritising privacy and security: Yoti’s commitment to meeting ISO standards

profile picture Amba Karsondas 6 min read
Image of three ISO certification symbols for ISO 27701, ISO 27001 and ISO 9001.

We’re committed to protecting the privacy and security of our users. That’s why we’re thrilled to announce that we have recently been certified to meet ISO 9001 and ISO 27701 standards.

This is a huge achievement for us as it confirms that our quality management system and data protection policies and procedures meet international standards. These sit alongside ISO 27001 which we’ve met since 2015.

 

What are ISO standards?

The International Standards Organisation (ISO) is an independent body made up of industry experts from around the world.

They’ve created a series of standards which cover almost all aspects of technology and manufacturing. ISO standards offer businesses a way to standardise and regulate their processes.

ISO standards are designed with the needs of the parties they represent in mind. These could be manufacturers, sellers, buyers, customers, trade associations, users or regulators.

They are internationally recognised and transferable across different industries. This allows for a safer and more consistent end result as everyone is able to follow the same set of guidelines.

 

What is ISO 27701?

ISO 27701 is a newly released framework for data privacy. Most countries have laws on data protection and privacy. Those laws tell a company what they need to do to comply. Though they are broadly similar, some of the details tend to differ across jurisdictions.

To allow for these differences, ISO 27701 guides companies on best practices for managing their privacy and data protection activities.

Companies are required to document how their practices are in line with the standard’s requirements. They must also be audited by internal and third-party auditors.

Our auditor said, “It is clear to see that the business and its employees are totally committed to making the business the best it can be, and I can see strong signs that it won’t just be best-in-class but world-class.”

 

How does Yoti meet ISO 27701 standards?

At Yoti, we work closely with personal data. It’s a key part of what we do.

One of the founding principles within our ethical framework is to ‘enable privacy and anonymity’. Therefore, it’s essential that we have a robust privacy information management system (PIMS) in place. With this, we can keep personal data safe as it ensures that we follow local laws such as the Data Protection Act (DPA) and GDPR.

David Davis, our Technical Compliance Officer, said, “Since our company’s inception, we have always aimed to follow best practices in data protection, and comply with the law in the territories we operate in. ISO 27701 is a new international standard for this, and we were eager to be an early adopter.”

One way that we do this is through ‘Privacy by Design’. When building and engineering our products, we consider privacy and data protection right from the start. And our database architecture is built to be protected against data breaches and cybersecurity attacks.

This means that everything, from our Digital ID app to our age assurance solutions, is built with privacy at the core. Users are always in control of their data. They have full visibility over what data they are sharing, and who they are sharing it with.

This is all overseen by our Data Protection Officer. They make sure that we process personal data in compliance with data protection rules.

 

What is ISO 27001?

Security goes hand in hand with privacy. ISO 27701 relies on ISO 27001 – the world’s best-known standard for information security management systems (ISMS).

It provides companies with guidance for establishing, implementing, maintaining and improving an ISMS.

We were certified to meet ISO 27001 standards back in 2015, just one year after Yoti was founded. Achieving this standard early on was a priority for us as keeping our users’ data secure is fundamental to our business. We needed to be sure that we were compliant long before we even had any customers.

 

How does Yoti meet ISO 27001 standards?

To be ISO 27001 compliant, we have over 100 different security controls in place. Each control addresses a specific security risk such as system access, the physical security of our buildings, and personnel security.

As technology is evolving at such a rapid rate, we need to be able to manage risks. Security is an incredibly complex area, which is why we use a ‘layered’ approach. This involves multiple controls covering all sorts of human, physical and technological aspects.

These have to be continually monitored to ensure that there are no breaches and that everyone is informed of the latest measures. This gives our controls the best chance of working reliably.

 

What is ISO 9001?

ISO 9001 sets out the criteria for quality management systems. It checks for an effective system for providing products and services that meet customer and regulatory needs.

Put simply, it makes sure that businesses have a strong customer focus and are always looking to improve their products. This is to ensure that customers get consistent, good quality products and services that meet their needs.

 

How does Yoti meet ISO 9001 standards?

There are lots of different ways that a business can do this. During our product development process, we focus on meeting WCAG accessibility guidelines. In our Security Centre, there is a strong focus on training and quality checking our staff.

After products are live, we have a Quality Assurance team who try to keep our software free of bugs. And we have dedicated Customer Services and Customer Success teams who give our customers a helping hand.

 

Privacy as a priority

With the rise of online services and the accelerating shift to a digital world, people understandably have lots of concerns about data privacy and how businesses manage their personal information.

It has never been more important for companies to be transparent about how they handle data and what they’re doing to protect it.

For us, prioritising privacy and implementing data protection processes is vital. By being certified to meet ISO 9001, ISO 27701 and ISO 27001 standards, we hope that this is a step towards reassuring our customers that we’ll always handle data responsibly and securely.

If you’d like to know more about our privacy and security practices, take a look at our privacy centre or get in touch.

Keep reading

An image of three smartphones, each displaying what the new Student ID feature looks like in the Post Office EasyID app, the Yoti app and the Lloyds Bank Smart ID app.

Introducing verified Student IDs on your phone

We’re excited to introduce Student IDs – a new feature that allows students to confirm their student status through our Digital ID apps. With nearly three million students in the UK, we’re proud to make student verification simpler for millions. With a verified Student ID, students can quickly and easily prove they are a student, without having to show a physical student card. They display only the key information, such as their photo, university email, and verified student status, directly to businesses. This approach enhances students’ privacy and security while providing businesses with reliable confirmation of student status.   

3 min read
Two people swapping their verified details using their Yoti ID app

Shop with confidence: protect yourself on secondhand platforms with peer to peer checks

From clothes and accessories to furniture, toys and electronics, there’s a whole variety of secondhand items being bought and sold online. Over the last few years, the popularity of secondhand platforms has continued to grow. Sellers are keen to turn unused items into money and buyers are on the hunt for a bargain. In fact, 63% of UK online shoppers say they’ve bought secondhand in the past year, compared to 37% who haven’t. Clothing is most popular, with 30% of people purchasing a pre-owned clothing item in the last year. Our own research found that 65% of people will

3 min read
Woman surrounded by green plants using her smartphone

Age Check Certification Scheme evaluation for Yoti Facial Age Estimation

We are pleased to announce Yoti has been re-evaluated by the Age Check Certification Scheme (ACCS) for our facial age estimation (FAE) on our latest September 2024 model. ACCS now report our Mean Absolute Error (MAE) for 18 year olds is just 1.05 years, with a Standard Deviation (SD) of just 1.01 years. ACCS first tested Yoti’s September  2020 model in November 2020, reporting the MAE for 18 year olds to be 1.79, demonstrating our continued effort to improve the performance of our model.   Yoti has been training its FAE model since early 2018 by using data captured mainly

3 min read