Trust of our customers is important to us and that’s why we are continuously improving our products and services in terms of security and privacy.
Microblink is ISO 27001 certified which means that we have set up our Information Security Management System according to related standard’s requirements. Ensuring systems and data confidentiality, integrity and availability is embedded in everything we do and we are regularly undergoing rigorous audits to prove it. Management of access, encryption and assets, combined with secure development and IT operations practices, are constantly assessed and reviewed in line with risk management.
Encompassing both our US and Croatian offices, the Scope of Microblink’s ISO 27001 certificate includes development, integration, support, sales and service management for computer vision technology using advanced neural networks and deep learning techniques.
If you have additional questions about our security posture and practices or you want to report a possible vulnerability, please contact us directly at email@example.com.
Since 2023 Microblink has included ISO 27701 standard extension into our certification and audit scope. This means that we understand how precious personally identifiable information is and want to ensure the rights of individuals by restricting the access, retrieval, collection, disclosure, transmission and other forms of processing of data. We continuously identify privacy risks and reassess controls to mitigate them, and we are trying to reduce the likelihood of data breaches and privacy incidents.
Privacy by design and privacy by default principles, which are a requirement of the standard, are included in all of our internal processes, including product development. The scope of ISO 27701 certificate is the same as for ISO 27001 in the role of Microblink as a PII processor. If you are still concerned about sharing your client data or you have a compliance requirement, get in touch with our Sales team to check out our different product options regarding PII processing.
Microblink enforces multi-factor authentication (MFA) and/or single sign-on (SSO) for all systems and applications that allow such secure access methods.
Microblink conducts regular user access reviews which are more frequent and stringent for critical systems and privileged users.
Microblink has a password policy in place which requires complex passwords but we also encourage MFA/SSO and the use of password manager tools wherever and whenever it is possible.
Microblink undergoes regular penetration testing of our products and services which is conducted by independent third-party security partners.
Microblink enforces TLS 1.2 and 1.3 protocols for encryption of data in transit and uses proven algorithms for encryption of sensitive data at rest with adequate cloud infrastructure Key Management Services.
Microblink uses cloud infrastructure managed by industry leaders such as GCP and AWS and regularly reviews the security posture of critical third parties.
Microblink configures the services we are providing in a High Availability mode and by using multiple cloud infrastructure availability regions and zones which can be set up in locations according to agreement.
Microblink has a Business Continuity Policy and Plan in place which is also regularly updated and tested and covers critical systems and services. When providing API services we rely on the continuity of third-party cloud infrastructure which is regularly being reviewed.
Microblink has defined an Incident Management Policy and Plan which is regularly updated and tested while time frames for incident notification are contractually defined and aligned with regulatory requirements.
Microblink conducts regular employee information security and privacy onboarding and has annual training for all employees which includes phishing campaigns. Furthermore, our engineers are constantly brushing up their skills and exchanging experiences on security related topics.
All possible security configuration options of our products and services are explained in the Docs & Demos area of each product on our Developers Hub.
Introduction to ISO27k and ISO 27001 ISO/IEC 27000-series, or ISO27k in short, is a family of stand…
Identity document verification ensures the authenticity of presented documents, which helps to miti…