Developers, engineers, and security executives face a dual challenge: coding robust, secure products, apps, and other innovative solutions while ensuring compliance with an increasingly complex web of global regulations. As threat vectors multiply and regulatory frameworks tighten, the need for comprehensive security partners and integrators has never been more critical.

Verimatrix is deeply committed to maintaining robust security management, data privacy, and upholding data sovereignty, and we wanted to take you behind the scenes to showcase how we live up to our compliance commitments.

Certifications

Verimatrix’s commitment to security excellence is evidenced by its impressive array of industry-recognized certifications. The company holds certifications from multiple governing bodies, including:

  • ISO-27001-2022: This certification demonstrates Verimatrix’s adherence to best practices in information security management. The 2022 update includes new controls in areas such as threat intelligence, cloud service security, and secure coding (updated in 2024).
  • ISO-9001: This standard certifies Verimatrix’s quality management system, ensuring consistent delivery of high-quality products and services that meet customer and regulatory requirements (updated in 2024).
  • EMVCo: Verimatrix’s XTD product received a certification from EMVCo, validating its security measures for mobile payment technologies (updated in 2023).
  • Farncombe Security Audit: Verimatrix has a Farncombe Security Audit Certificate for its VCAS product family, signaling compliance with rigorous content protection standards set by major Hollywood studios (updated in 2020).

Global Data Privacy Regulations

In an era where data privacy has become a fundamental right, Verimatrix has taken significant steps to ensure compliance with major data privacy regulations worldwide. The company’s security solutions and business processes are engineered to comply with:

Securing Platforms, Products, and Processes

Verimatrix’s commitment to security extends to every aspect of its operations. Key security measures include:

  • Multi-Factor Authentication (MFA): Verimatrix supports MFA for accessing its products and cloud services, blocking approximately 99.9% of account compromise attempts.
  • Data Encryption: The company employs TLS 1.2 ciphers for data in transit and AES256 encryption for data at rest, ensuring data integrity and confidentiality.
  • Vulnerability Testing: Regular application-level and infrastructure-level vulnerability assessments are conducted by both independent and internal entities.
  • Personnel and Access Management: Strict access controls are implemented based on individual roles and operational requirements.
  • Security Management: All employees undergo annual privacy and security training, with additional certifications required for those with elevated access levels.
  • System Monitoring: Extensive monitoring and logging are conducted across all servers, routers, and systems within the production environment.
  • Data Protection Compliance: Verimatrix maintains rigorous security controls, including data encryption, access controls, and robust incident response protocols.
  • Data Center Security: Through a partnership with Amazon Web Services (AWS), Verimatrix offers multiple data center locations, allowing customers to choose where their data resides and ensuring compliance with local privacy laws.

Enhancing Customer Security Posture

Verimatrix goes beyond merely securing its own operations; it actively helps customers improve their security posture by aligning its solutions with rigorous standards and best practices. Some key areas where Verimatrix provides support include:

  • OWASP Top 10 Mobile App Vulnerabilities: Verimatrix XTD effectively addresses nine out of the ten OWASP mobile app vulnerabilities, offering a comprehensive suite of security solutions tailored to enhance mobile application safety.
  • MovieLabs Enhanced Content Protection: Verimatrix’s video security solutions are meticulously engineered to align with these specifications for Ultra HD content, ensuring top-tier security in handling high-value digital content.
  • ISO/SAE 21434 – Automotive Cybersecurity: While not certified, Verimatrix’s solutions are designed to help automotive organizations and suppliers comply with this standard’s cybersecurity guidelines.
  • PCI Standards (SPoC, CPoC, MPoC): Verimatrix offers comprehensive solutions to help secure payment applications in line with these Payment Card Industry standards.
  • NAIC Cybersecurity Guidelines: The company’s solutions help insurance organizations comply with the US National Association of Insurance Commissioners’ cybersecurity recommendations.
  • PSD2 (Payment Services Directive 2): Verimatrix XTD provides robust protection for mobile banking apps, helping financial institutions meet the directive’s strong security requirements.
  • Digital Markets Act (DMA): As the DMA encourages the proliferation of third-party app marketplaces, Verimatrix XTD helps developers secure their applications across diverse distribution channels.
  • CISA OMB Attestation Mandate: Verimatrix’s comprehensive suite of security solutions assists developers in meeting the rigorous standards required for federal software contracts.
  • Europe’s Cyber Resilience Act: The company’s “security by design” approach aligns perfectly with the forthcoming act’s requirements for digital product security.
  • NYDFS NYCRR 500: Verimatrix offers cybersecurity solutions to help New York financial institutions comply with this regulation’s stringent requirements.

The Net Net

Verimatrix offers a comprehensive security stack to address the full spectrum of modern cybersecurity challenges. By adhering to these regulations, Verimatrix not only protects itself from potential legal and financial repercussions but also helps its customers maintain compliance in their own operations. And we’re proud of that.