    Beyond the SOC 2: Why We Doubled Down on Privacy with ISO 27701

    ISO 27701 Certification for Basis Theory

    Security has always been the floor, not the ceiling, at Basis Theory. Most companies start, and often end, their compliance journey with a SOC 2. While SOC 2 is a solid security baseline, it doesn't always answer the more nuanced questions about how a platform handles the lifecycle of personal data.

    As we continue to help global enterprises secure their most sensitive data, we wanted to go further. Today, we’re excited to announce that Basis Theory has officially achieved ISO/IEC 27701 certification.

    What is ISO 27701?

    If ISO 27001 is the gold standard for an Information Security Management System (ISMS), think of ISO 27701 as its privacy-obsessed sibling. It is the international standard for a Privacy Information Management System (PIMS).

    While security focuses on the protection of data (encryption, access controls, uptime), privacy focuses on the rights associated with that data. Achieving this certification means our internal processes, from how we build new features to how we manage our sub-processors, have been independently audited to ensure we are managing Personally Identifiable Information (PII) with the highest level of accountability.

    For our customers, this saves your compliance and legal teams from a massive amount of manual heavy lifting. When you’re building on Basis Theory, you’re inheriting a platform that was designed to meet the rigorous requirements of the GDPR, CCPA, and other global privacy frameworks.

    Strengthening the Transatlantic Bridge

    In addition to our ISO certification, we are also active participants in the EU-U.S. Data Privacy Framework (DPF).

    Cross-border data transfers have been a moving target for years. The DPF provides a reliable, legal mechanism for transferring personal data from the EU to the U.S.

    By participating in this framework, we’re ensuring that our European partners can utilize our tokenization and vaulting infrastructure without the legal headaches often associated with "standard contractual clauses" alone.

    Privacy is a Product Feature

    We didn't pursue these certifications just to check a box on a sales RFP. We did it because we believe privacy should be baked in. Our Privacy by Design policy embeds privacy considerations into the earliest stages of feature development and sets out a rigorous set of privacy principles that inform our product design.

    The more we harden our own privacy posture, the better equipped we are to help you harden yours. Whatever Basis Theory platform features you choose to build on, you can be confident that the foundation you’re building on is held to a global standard of excellence.

    We’re proud of the team for the hard work that went into this audit, but we aren't stopping here. Privacy is a moving target, and we’ll continue to evolve our platform to stay ahead of the curve.

    Visit our Trust Center to find answers to questions about our security posture. Need a copy of our latest certifications? Reach out to us at security@basistheory.com.