Trust Hub

Our mission is to protect people and property in a privacy-sensitive way. We do this by helping our customers operate smarter, safer buildings. With such a bold mission, we know that first and foremost we must earn our customers’ trust — trust in us as a company and in our products. To earn that trust, we center our business around five pillars:

Governance, Risk, Compliance (GRC)

How we manage compliance — and how our products can help our customers comply with compliance, too

With each new product, technology, or partnership comes new questions to answer and decisions to be made for security and privacy. A robust GRC framework helps to ensure Verkada can make those decisions while maintaining compliance, effectively managing risks, and establishing a strong governance structure that promotes sound decision-making and performance management.

Verkada’s Chief Information Security Officer oversees our security program, leads Verkada’s security team, and reports directly to our Chief Technology Officer (who reports to our CEO). Our CISO also presents quarterly updates to Verkada’s Board of Directors about the status and performance of our security program.
- Verkada has a Security Governance Committee, which includes senior leadership, that manages Verkada’s security strategy and risk management, and monitors the performance of the security program.
  Verkada’s security team conducts regular compliance audits, sharing information captured through continuous compliance monitoring.
Verkada’s security practices align with a variety of standards that support customers’ security requirements.
Verkada conducts independent security assessments of Verkada Systems at least quarterly.
- SOC 2
  Verkada completes annual SOC 2 Type 2 examinations for the Security Trust Service Criteria.
- TX-RAMP
  Texas Risk and Authorization Management Program provides review of security measures taken by cloud products and services that are used by Texas agencies. As of April 21, 2022, Verkada has Provisional TX-Ramp status.
To assess and identify areas for improvement in our systems, Verkada utilizes industry standard questionnaires, including:
- CAIQ
  The Consensus Assessments Initiative Questionnaire offers an industry-accepted way to document which security controls exist, providing security control transparency.
- HECVAT
  The Higher Education Community Vendor Assessment Toolkit is designed specifically for colleges and universities to confirm that data and cybersecurity policies are in place to protect sensitive institutional information.
Documentation for these security standards are available here .
Verkada and our customers operate within a variety of regulatory regimes. We have designed our products and our internal practices to address these regulatory obligations in a way that supports our customers’ compliance needs.
- HIPAA: For customers in the healthcare industry who are “covered entities” under HIPAA, Verkada supports their compliance with their HIPAA obligations as a Business Associate.
- GDPR: With respect to our customers’ personal data processed by Verkada products, Verkada acts as a data processor. We enter into the Standard Contractual Clauses with our customers by means of our Data Processing Addendum in order to establish an adequate basis for the transfer of personal data from the U.K./EU to the U.S.
- U.S. State Privacy Laws: Verkada designs its privacy practices in order to meet the evolving standards established by comprehensive state-specific privacy laws promulgated in the U.S.
At Verkada, we continually strive to make our products comply with applicable laws and regulations around the world. Currently, Verkada’s products, including cameras and alarms, meet the compliance standards for sale in the US, Canada, the UK, the EU, Australia, and New Zealand. Additional certifications may also be available upon request.
Information regarding specific products and features is below.