Accredify Awarded ISO 27017 and ISO 27018 Certificates for SaaS and API Services

Picture of Jessica Tan

Jessica Tan

Chief Marketing Officer

Ready to get started?

David Mudd, Global Head of Digital Trust Assurance at BSI, handing over the ISO 27017 and ISO 27018 certificate to Accredify's Co-Founder and Chief Risk Officer, Edmund Chew.

SINGAPORE, 15 November 2023 – Accredify, Asia Pacific’s leading verifiable solutions provider, today announced that it has successfully been awarded both ISO/IEC 27017 and ISO/IEC 27018 certifications. These certificates act as a reinforcement of Accredify’s ISO 27001 certification which was first awarded in July 2020 for its information security management system (ISMS).  

Accredify is committed to protecting user and customer information. As part of this commitment, Accredify was audited for its conformance to ISO 27017 and ISO 27018 to strengthen Accredify’s ISMS where Accredify is audited for its conformance to ISO 27001 annually since July 2020. These two successful certification audits attest to the comprehensiveness of the firm’s ISMS, demonstrating our unwavering commitment to our clients’ best interests. It offers our customers and users increased confidence and assurance that we uphold the highest standards of information security and data protection. 

The Certification Scope for both ISO/IEC 27017 and ISO/IEC 27018 covers “the provision of Software as a Service (SaaS) portal and application programming interfaces (APIs) for customers and recipients to generate, issue, distribute, and verify their documents.” The ISO/IEC 27017 certifies Accredify as both a cloud service customer and a cloud service provider, having implemented information security controls applicable to the provision and use of cloud services. The ISO/IEC 27018 standard certifies Accredify as a public cloud service that has adhered to data security measures to protect and process Personally Identifiable Information (PII). 

ISO 27017 is an international standard which provides a code of practice for information security controls based on the ISO/IEC 27002 standard. It consists of additional guidelines and best practices for cloud service providers and cloud service customers for the implementation of ISO 27002 information security controls to ensure the information security in cloud environments. Companies that have been awarded this certification has successfully established effective controls and policies for specific cloud-related security risks to protect consumer data obtained through the provision of cloud services.    

ISO 27018 is an international standard which provides a code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors, and is used in conjunction with the information security objectives and controls stipulated in ISO/IEC 27002. Companies that have been awarded this certification have established security measures in their capacity as public cloud computing service providers to protect PII when acting as PII processors. The ISO 27018 assures customers using Accredify’s cloud services that they are afforded a practical way to exercise their audit and compliance rights when conducting individual data audits in a complex multi-party cloud environment, even when it’s technically challenging and could raise security risks to existing network controls.  

Edmund Chew, Chief Risk Officer and Co-founder, Accredify, said “At Accredify, information security remains our utmost priority. The successful completion of our ISO/IEC 27017:2015 and ISO/IEC 27018:2019 certification audits, extends our existing Information Security Management System achieved through our ISO/IEC 27001:2022 certification. This emphasises our unwavering dedication to uphold the most stringent information security standards. These efforts exemplify our commitment to safeguard and effectively manage our users’ information.”  

Accredify was audited against the ISO 27017:2015 and ISO 27018:2019 standards. Developed by the International Organization for Standardization (ISO), ISO 27017 is an international standard that provides guidelines for securing information in cloud environments, addressing the unique challenges of cloud computing while ISO 27018 focuses on protecting PII in the cloud. Organisations that have been awarded the ISO 27017:2015 and ISO 27018:2019 certifications have met the requirements for establishing robust security practices in their cloud operations and ensuring the privacy and protection of PII in cloud environments, instilling trust and confidence among their stakeholders and customers.  

For more details on Accredify’s information security measures, please visit this link. 


About Accredify  
Accredify is pioneering the world’s transition to verifiable data. Accredify is Asia Pacific’s multi award-winning leading verifiable technology solutions provider. By enabling automation and secure information exchange, Accredify provides clientele with the technology to simplify complex processes and discover new frontiers of digital trust. With a dedicated team that embraces the highest standards of customer service, security, and privacy, Accredify’s mission is to be the foremost verifiable technology solutions provider for moments when trust matters most. In 2023, Accredify was recognised as a World Technology Leader and included in Forbes Asia 100 to Watch Companies. 

For more information, visit and follow us on LinkedIn @Accredify.

Media Contact 
Jessica Tan Shu En  
Chief Marketing Officer, Accredify 

What Can We Do For You Today?

Whether you are looking to transform your business, have questions about our solution, or curious to explore new use cases with verifiable information, we are always happy to chat!