December 09, 2021
Plaid’s continued investment in security and privacy standards
Kenneth Moras
Plaid achieves ISO27001 and ISO27701 certification strengthening commitments to consumer data security and privacy
Plaid was founded on the principle that people should be in control of where and how they share their financial information. Core to this principle is people’s ability to share their data securely and with the peace of mind that the data is handled appropriately. As part of our continued commitment to security and privacy, we are proud to announce that Plaid is ISO27001 and ISO27701 certified. Both ISO27001 and ISO27701 are internationally recognized standards, and these certifications will be part of our security and privacy assurance program, which also includes our annual SOC 2 Type II report, as we continue to expand globally.
With millions of consumers relying on Plaid’s ecosystem to manage their financial lives, we invest significant resources to ensure our security and privacy practices are best-in-class. In order to earn these certifications, our systems and practices went through several rounds of testing and evaluation via third-party auditors over the course of many months. We prioritize these investments because nothing is more critical than earning the trust of our customers and their users.
The International Organization for Standardization (ISO) is an independent, non-governmental international organization that includes 163 national standards bodies across its membership. ISO27001 and ISO27701 will be familiar to the compliance, security and privacy experts who oversee digital tools across a variety of industries, but we’ve provided further context below for those less familiar. While we’re proud to have attained these certifications, we will continue to evolve our practices to accommodate the change and growth of our business and the broader fintech ecosystem.
What are ISO27001 and ISO27701 certifications?
ISO/IEC 27001 is an international standard that specifies best practices and details the security safeguards that can help manage information security risks.
ISO/IEC 27701 is an international privacy standard that extends the requirements of ISO/IEC 27001 to help organizations comply with international privacy frameworks and laws.
Why is this significant?
As part of the auditing process to earn these internationally recognized standards, Plaid underwent rigorous evaluation by Schellman (our ISO auditor) in several areas related to how we handle data. As a result, these standards certify that Plaid:
Has demonstrated commitment in its practices and policies, and dedicated appropriate resources to the privacy and protection of consumers’ data.
Has a comprehensive set of management and operational controls to comply with privacy laws and regulations.
Has an adequate framework and management support to continuously improve its privacy and security posture as the industry evolves.
These certifications should help all companies evaluating Plaid’s policies and practices streamline their compliance processes, resulting in faster decisions based on third-party analysis of crucial data security and privacy obligations. In addition, all those reliant on our network will continue to benefit from Plaid’s commitment to stronger data security and privacy practices as our ecosystem continues to scale. Going forward, we’ll continue to comply with the highest levels of privacy and security standards as we strive towards our mission of unlocking financial freedom for everyone.