Security & Compliance


Recognized as a trusted partner of many organizations, Verified First is committed to maintaining a strong security and compliance culture centered on our applications, partners, vendors, and customers. Here's how we do it.


Our Commitment to Security & Compliance

EU Data Protection Laws (GDPR)

At Verified First, we’re committed to providing high-quality, compliant products and services to our clients, which is why we align with EU data protection laws, such as the General Data Protection Regulation (GDPR). Verified First clients, can rest assured that, as their background screening provider, we’ve taken the necessary steps to protect the data you and your candidates provide us.

Service Organization Controls (SOC 1 & SOC 2)

Service Organization Controls (SOC) reports are designed to help build trust and confidence in the services performed and controls of a service organization. Verified First is SOC 1 compliant and SOC 2 compliant. 

SOC 2 Compliance Badge

Amazon Web Services (AWS)

Verified First leverages Amazon Web Services (AWS) to deliver our applications and associated services to our valued customers. AWS aligns with the following standards, frameworks, and regulatory schemes:

  • SOC 1, SOC 2, SOC 3
  • ISO 9001, ISO 27001, ISO 27017, ISO 27018
  • ISAE 3402
  • FedRamp
  • PCI DSS - Level 1

PBSA Accreditation

The Professional Background Screening Association (PBSA) offers an accreditation program for Consumer Reporting Agencies (CRAs) located in the United States. As a Verified First Client, you can rest assured that, as your background screening provider, we've taken the necessary steps to deliver accurate and reliable information concerning a candidate's background.

NIST 800-53

The National Institute of Standards and Technology (NIST) is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems. Verified First is NIST 800-53 compliant.


Verified First is committed to protecting consumer credit card data in compliance with the Payment Card Industry Data Security Standard (PCI DSS). Our alignment with this standard is reflected in the people, technologies, and processes we employ. 

California Consumer Protection Act (CCPA)

Verified First is compliant with the California Consumer Protection Act (CCPA) requirements as defined below:

  • The right to know about the personal information a business collects about them and how it is used and shared
  • The right to delete personal information collected from them
  • The right to opt-out of the sale of their personal information
  • The right to non-discrimination for exercising their CCPA rights

To block adverse items for victims of human trafficking, refer to the instructions listed here:

For additional information on our commitment to security and compliance, check out these helpful resources:

Still have questions? Please reach out to our Client Services team.