Governance, Risk, Compliance (GRC)How we manage compliance — and how our products can help our customers comply with compliance, too
With each new product, technology, or partnership comes new questions to answer and decisions to be made for security and privacy. A robust GRC framework helps to ensure Verkada can make those decisions while maintaining compliance, effectively managing risks, and establishing a strong governance structure that promotes sound decision-making and performance management.
- Verkada’s Chief Information Security Officer oversees our security program, leads Verkada’s security team, and reports directly to our Chief Technology Officer (who reports to our CEO). Our CISO also presents quarterly updates to Verkada’s Board of Directors about the status and performance of our security program.
- Verkada has a Security Governance Committee, which includes senior leadership, that manages Verkada’s security strategy and risk management, and monitors the performance of the security program.
- Verkada’s security team conducts regular compliance audits, sharing information captured through continuous compliance monitoring.
Verkada’s security practices align with a variety of standards that support customers’ security requirements.
Verkada conducts independent security assessments of Verkada Systems at least quarterly.
To assess and identify areas for improvement in our systems, Verkada utilizes industry standard questionnaires, including:
Verkada completes annual SOC 2 Type 2 examinations for the Security Trust Service Criteria.
Texas Risk and Authorization Management Program provides review of security measures taken by cloud products and services that are used by Texas agencies. As of April 21, 2022, Verkada has Provisional TX-Ramp status.
Documentation for these security standards are available here .
The Consensus Assessments Initiative Questionnaire offers an industry-accepted way to document which security controls exist, providing security control transparency.
The Higher Education Community Vendor Assessment Toolkit is designed specifically for colleges and universities to confirm that data and cybersecurity policies are in place to protect sensitive institutional information.
- Verkada and our customers operate within a variety of regulatory regimes. We have designed our products and our internal practices to address these regulatory obligations in a way that supports our customers’ compliance needs.
- HIPAA: For customers in the healthcare industry who are “covered entities” under HIPAA, Verkada supports their compliance with their HIPAA obligations as a Business Associate.
- GDPR: With respect to our customers’ personal data processed by Verkada products, Verkada acts as a data processor. We enter into the Standard Contractual Clauses with our customers by means of our Data Processing Addendum in order to establish an adequate basis for the transfer of personal data from the U.K./EU to the U.S.
- U.S. State Privacy Laws: Verkada designs its privacy practices in order to meet the evolving standards established by comprehensive state-specific privacy laws promulgated in the U.S.
At Verkada, we continually strive to make our products comply with applicable laws and regulations around the world. Currently, Verkada’s products, including cameras and alarms, meet the compliance standards for sale in the US, Canada, the UK, the EU, Australia, and New Zealand. Additional certifications may also be available upon request.
Information regarding specific products and features is below.
Alarms Compliance & Availability
Read more about where Verkada’s alarm software, hardware products, wireless products, cellular products and emergency services dispatch are currently available.
People Analytics Compliance & Availability
Read more about where Verkada’s People Analytics functionality may not be currently available.
More information about the specific product specifications, including hardware certifications, for each camera or alarm may be found in the “Learn More” link in the product descriptions.