Compliance and certifications
Ory is dedicated to maintaining the highest standards of data security to protect the personal data stored on behalf of our customers. To provide our customers with the assurance they need, Ory has engaged with internationally recognized certification programs and adopted the best industry practices and technologies to keep our customers' data safe.
Ory holds a certificate for ISO 27001:2013, which you can download for inspection. You can also verify the ISO 27001:2013 certification directly with our auditor. The ISO 27001 certification verifies that Ory has an information security management system (ISMS) in place to assure the confidentiality and integrity of your data. Our internal security team is dedicated to ensuring that Ory maintains the highest standards of data protection.
SOC 2 Type 1 and Type 2 attestation is underway. Ory is committed to protecting customer data and conducting a rigorous audit process to verify that all security controls are in place.
SOC 2 certification demands a comparable level of data protection and security processes as the ISO 27001 standard, but the SOC 2 certification is more widely recognized in North America.
Ory Network was built with GDPR in mind, making it easy for our customers to respect the rights of data subjects. Ory supports the option of hosting personal data exclusively on EU-based servers, which is a key requirement of GDPR compliance. For more details, see GDPR compliance.
Ory OAuth2 and OpenID Connect (Ory Hydra) is OpenID certified and details of the certification can be viewed on the OpenID certification page. Ory is certified as an OpenID Provider, satisfying the following OpenID Connect Conformance Profiles: Basic OP, Implicit OP, Hybrid OP, Config OP, and Dynamic OP.