For the best web experience, please use IE11+, Chrome, Firefox, or Safari

OneLogin Compliance Commitment

As a security-first company, data and privacy protection are our # 1 priority.

ISO 27001:2013

The ISO 27001:2013 standard helps organizations keep information assets secure. Using this family of standards helps OneLogin manage the security of assets such as financial information, intellectual property, employee details, and information entrusted to us by third parties. An independent body has audited our compliance with this standard and issued our ISO 27001:2013 certificate, which required annual audits to maintain.

What’s the primary purpose of this initiative?

Provides an independent assessment and certification of OneLogin’s Information Security Management System (ISMS). The ISMS includes all aspects of security and privacy that impact both OneLogin and its customers.

What’s the scope?

The scope of the ISO 27001:2013 certification is the ISMS supporting the management of the infrastructure and services used to support OneLogin’s Enterprise Identity and Access Management solution.

How often are you evaluated/audited?

A comprehensive certification audit is performed every three years and surveillance audits are performed 12 and 24 months after each comprehensive audit. In addition, OneLogin performs an annual internal audit using an independent third party as part of the ISO 27001:2013 requirements.

Who is the primary audience?

Customers and relevant third parties with a business need.

Responsible Disclosures

We take security seriously at OneLogin. As part of our ongoing commitment to provide a best-in-class cloud service, we leverage independent third parties to help us strengthen our security. If you think you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Report a vulnerability or view our Security Hall of Fame

Are you a Security Researcher?

We are always looking for talented individuals with security experience.