Didit Is ISO/IEC 27001:2022 Certified (Cert ES144068)
Didit holds an ISO/IEC 27001:2022 certificate — Bureau Veritas, ENAC-accredited, cert nº ES144068, valid until 2027-06-03. Here is what ISO 27001 certifies, what Didit's certificate covers, and how to use it in procurement.
ISO/IEC 27001 is the international standard for information security — the one a regulated buyer's security team looks for first. Didit is certified to its latest revision. Didit holds an ISO/IEC 27001:2022 certificate issued by Bureau Veritas Certification (ENAC-accredited), certificate nº ES144068, originally certified 2026-04-07 and valid until 2027-06-03, issued to DIDIT IDENTITY SPAIN S.L.
This guide explains what ISO 27001 certifies, what is covered by Didit's certificate, the difference between certification and compliance, and how to put the certificate to work in your procurement file.
Key takeaways
- Didit is certified to ISO/IEC 27001:2022 — the current revision of the standard — not the older 2013 version.
- Certificate nº ES144068, issued by Bureau Veritas Certification, which is ENAC-accredited (ISO 17021, nº 4/C-SG041) — meaning an accredited third party verified the certification.
- Originally certified 2026-04-07, valid until 2027-06-03, issued to the EU entity DIDIT IDENTITY SPAIN S.L.
- Scope: the information security, cybersecurity, and privacy management system supporting the development, operation, and technical support of the Didit digital identity solution.
- The certificate is distributable — it can go straight into a vendor file, RFP response, or security questionnaire.
What ISO 27001 certifies
ISO/IEC 27001 is the international standard for an Information Security Management System (ISMS) — a documented, risk-based framework for managing the security of information assets. Certification to it is not a checklist of technical controls; it is verification that an organization runs a complete, continually improving management system around information security.
A certified ISMS requires, among other things:
- A defined scope and an information security policy approved by leadership.
- A risk assessment and treatment process that identifies threats and decides how to address them.
- A Statement of Applicability documenting which controls apply and why.
- Operational controls drawn from the standard's control set (the 2022 revision reorganised these into organizational, people, physical, and technological themes).
- Internal audit, management review, and corrective action — the continual-improvement loop that distinguishes a managed system from a one-time effort.
Crucially, ISO 27001 certification is issued by an accredited certification body after a formal audit — which is why the accreditation behind the certificate matters as much as the certificate itself.
Why the 2022 revision and the accreditation matter
Two details on Didit's certificate carry real weight in a security review:
It is the 2022 revision. ISO/IEC 27001:2022 superseded the 2013 version, modernising the control set — notably adding controls for threat intelligence, cloud-service security, data leakage prevention, and secure development. A certificate against 2022 tells a buyer the ISMS reflects the current standard, not an expiring one.
It is ENAC-accredited. The certificate is issued by Bureau Veritas Certification, accredited by ENAC (Entidad Nacional de Acreditación, Spain's national accreditation body) under ISO 17021. Accreditation is the chain of trust: it means an authoritative body has verified that the certifier itself is competent and impartial. An ISO 27001 certificate from an accredited body is materially stronger evidence than a self-declared or unaccredited one.
How Didit helps
A distributable, current certificate. Didit's ISO/IEC 27001:2022 certificate — cert nº ES144068, Bureau Veritas, ENAC-accredited, valid until 2027-06-03 — is distributable on request. It answers the ISO 27001 line on any RFP or security questionnaire and slots directly into an EU procurement file, a Spanish public-sector bid, or a regulated financial customer's vendor review.
Scope that matches the product. The certified scope (in the original Spanish) covers the Sistema de Gestión de Seguridad de la Información, Ciberseguridad y Protección de la Privacidad supporting the development, operation, and technical support of the Didit digital identity solution — that is, the management system around the actual identity-and-fraud platform you integrate, not a peripheral function.
A documented, continuous history. The management system was previously certified under the entity name MARKETS PROLIVE 360, S.L. since 2024-06-04 — the same ISMS, under a renamed entity. The certification is a continuing program, not a fresh-and-untested one.
Part of a broader stack. ISO 27001 sits alongside Didit's SOC 2 Type 1 attestation (Security, Availability, Confidentiality, as of 2026-04-09), iBeta Level 1 PAD biometric testing (0% attack success across 360 attempts), and the Spanish government sandbox conclusion that Didit's remote verification exceeds in-person standards. ISO 27001 evidences the management system; SOC 2 independently examines the controls; together they give a security team a complete picture.
Deep dive: ISO 27001 in your vendor file
For a procurement or GRC team, the certificate answers several questions at once. The fields to capture:
| Field | Value |
|---|---|
| Standard | ISO/IEC 27001:2022 (current revision) |
| Certificate number | ES144068 |
| Certification body | Bureau Veritas Certification |
| Accreditation | ENAC, ISO 17021, nº 4/C-SG041 |
| Certified entity | DIDIT IDENTITY SPAIN S.L. |
| Original certification | 2026-04-07 |
| Valid until | 2027-06-03 |
| Scope | ISMS supporting development, operation, and technical support of the Didit digital identity solution |
Pair it with Didit's SOC 2 Type 1 report (under NDA) for the two complementary lenses on information security — certified management system plus independently examined controls.
Use cases
- EU and Spanish public-sector procurement, where an accredited ISO 27001 certificate is frequently a tender requirement.
- Regulated financial customers (banks, EMIs, payments institutions) whose vendor-risk process expects ISO 27001 from a data-handling provider.
- Security and GRC teams mapping a provider's ISMS to their own control framework.
- RFP responses that require attaching a current, accredited information-security certificate.
Frequently asked questions
Which version of ISO 27001 is Didit certified to?
ISO/IEC 27001:2022 — the current revision of the standard, not the superseded 2013 version.
What is Didit's ISO 27001 certificate number?
Certificate nº ES144068, issued by Bureau Veritas Certification (ENAC-accredited).
When does the certificate expire?
It was originally certified on 2026-04-07 and is valid until 2027-06-03, at which point recertification is due.
Which entity holds the certificate?
DIDIT IDENTITY SPAIN S.L. The management system was previously certified under the MARKETS PROLIVE 360, S.L. name since 2024-06-04 — the same ISMS, renamed entity.
Can I get a copy of the certificate?
Yes. The ISO 27001 certificate is distributable on request — start at the security and compliance hub.
Ready to get started?
See Didit's full attestation stack on the security and compliance hub, explore the verification platform the certificate covers on the ID Verification product page, and review transparent per-check pricing on the pricing page. When you're ready, start free — 500 free KYC checks every month, on an ISO/IEC 27001:2022-certified platform.