Veza is the identity security platform for the modern enterprise
Our security values
Security is a first-class citizen at Veza, considered during the design phase and carried all the way through to implementation, deployment, and operations. We embrace industry best practices including regular independent penetration testing, data-at-rest and inflight encryption, strict production access RBAC controls, complete tenant isolation and zero external access by design. Veza also consumes its own products to monitor and assure the security of its production, development, and testing environments.

Establish Trustworthiness
We design into all our business, development, and operational processes to maintain the confidentiality, integrity, and availability of our customers’ data.

Demonstrate Trustworthiness
We stand ready to explain and demonstrate the safeguards we’ve implemented and meet customers’ security obligations to their customers.

Deepen Trustworthiness
Technology, regulations, and business change quickly. Veza is committed to adapting and improving our safeguards to ensure the data our customers entrust to us is always protected.


Secure on all fronts

SaaS Security
-Regular penetration tested by 3rd parties
-Protection by firewall
-Veza-on-Veza to proactively self-monitor and assure the security of the access landscape
-Multi-Factor Authentication required for all dev environments
-Strict tenant isolation

Platform Security
-End to end TLS encryption for the data pipeline
-Zero external access beyond published APIs

Product Security
-Review and vulnerability scan for source code
-Vulnerability scan for product before deployment

Operational Security
-Full auditing of all activity
-Severely restricted least-privilege RBAC operational access
-Security training for all employees

SOC 2 Type II
Veza is both SOC 2 Type I and SOC 2 Type II compliant, demonstrating our dedication to security and compliance across the organization, processes, people, and technology.

ISO 27001
ISO 27001 certification demonstrates Veza’s commitment to implementing and maintaining an effective information security management system. Veza’s ISO certification can be verified at Schellman
