Beyond a Milestone: Reinforcing the Foundation of Identity Security in the age of Agentic AI
At Ory, discipline and rigor in security controls are not new initiatives; they are the very foundation upon which our company was built. We are proud to announce that we have successfully achieved ISO/IEC 27001:2022 recertification.
While some might treat certification as a checkbox, for Ory, it is a formalization of the security-first culture that has been part of our fabric for years. Having maintained our ISO 27001 status since April 2023, this recertification underscores our ongoing commitment to protecting the most sensitive data of our global customers and stakeholders.
A Legacy of Security Rigor
Ory first attained ISO 27001 certification three years ago. Since then, we have treated security as a continuous process of improvement rather than a point-in-time event. In a world where Identity and Access Management (IAM) is the new control plane for autonomous agents, being the gatekeeper to sensitive systems requires a partner whose infrastructure is built on a battle-tested, audited architecture.
To verify our continued excellence, we underwent an independent assessment from BARR Certifications, an accredited auditing firm. The audit confirmed that our Information Security Management System (ISMS) continues to meet the rigorous international requirements for managing and reducing information security risks.
Why Continuous Compliance Matters for Your IAM
"Achieving recertification is a testament to the fact that security is not just a feature at Ory; it is our foundation," said Ory CEO Jeff Kukowski. "As identity-based attacks evolve, especially through expanded use of Agentic AI, our partners can trust that their infrastructure is supported by a team that has maintained world-class operating protocols for years."
For our customers, an ISO-compliant IAM partner offers several key advantages:
- Reduced Compliance Burden: Our adherence to global standards simplifies your own audit and regulatory requirements.
- Verified Processes: Our methodologies for IT, people, and business processes are independently audited to ensure they meet the highest standards.
- Proactive Risk Management: Continuous surveillance audits ensure we stay ahead of the ever-changing cybersecurity landscape.
Transparent, Verifiable, Layered Security
We believe that a single certificate is just the floor. Ory’s security posture is built on multiple layers:
- Transparent, Verifiable Security: Our core products (Kratos, Hydra, Keto, Oathkeeper, Polis) are open-source on GitHub, allowing customers to verify the implementation while ISO 27001 attests to our processes.
- Continuous Monitoring: We use tools like Vanta for ongoing compliance monitoring and conduct annual white-box pentests by Cure53.
- Comprehensive Frameworks: ISO 27001 is part of a broader suite that includes SOC 2 Type 2, PCI DSS, and the EU-U.S. Data Privacy Frameworks.
Access Our Compliance Documentation
Current and prospective customers can view our updated ISO/IEC 27001:2022 certification, alongside our latest SOC 2 Type 2 report, in the Ory Trust Center.