
We take security seriously

Ory is committed to offering secure, GDPR-compliant, privacy-focused products.

Organizations struggle to secure identities and manage access while meeting compliance demands. Ory addresses this with a certified identity platform designed for zero trust security and protection against modern threats.

Open source ethos

We believe an open-source approach to building software leads to better security. But we don’t stop there. We also implement security best practices to ensure Ory products are compliant and secure.

Vulnerability management

Ory runs vulnerability scans in CI/CD, continuously monitors containers at runtime, and conducts third-party pen tests. A public disclosure and reward program encourages external security testing.

Technical and operational measures

Ory enforces HTTPS with TLS 1.2+, encrypts all data at rest with AES-256, securely stores passwords using salted bcrypt, and maintains encrypted backups with a regular backup strategy.

Secure cloud deployment

Ory runs on secure, compliant infrastructure via Google Cloud Platform. It logs all access for audit and incident analysis, and distributes services across multiple data centers and zones for high availability.

A certified identity platform

Learn more about Ory's commitment to data protection and compliance.

Secure identity and access management made easy

  • ISO 27001 certified

    Choose Ory for robust and certified security. Our ISO 27001 compliance means you benefit from a systematic approach to information security, reducing risks and assuring your stakeholders their data is safe with us.

  • SOC 2 Type 2 certified

    Gain peace of mind with our SOC 2 Type 2 commitment. This in-depth audit confirms our effective and consistently operating controls, ensuring the safety, accessibility, and privacy of your critical data.

  • PCI DSS compliant

    Ory has achieved Payment Card Industry Data Security Standard (PCI DSS) SAQ D for Service Providers compliance, demonstrating adherence to one of the industry’s most rigorous frameworks for protecting sensitive data through comprehensive security controls, governance processes, and operational safeguards.

  • GDPR compliant

    Built with GDPR in mind. We make it easy for our customers to respect the rights of data subjects.

  • Organizational excellence, experienced developers

    Ory implements least privilege principles, undergoes regular access control audits, and follows an extensive code review, testing, and analysis process. Our developers are trained on and adhere to secure coding standards, including applying OWASP Top 10 implementation guidance.

  • Industry-standard best practices

    We use best practices including zero trust security, encryption, third-party penetration testing, vulnerability scanning, and others.

The comprehensive identity stack

Ory offers compliance-focused identity infrastructure for the cloud, self-hosted, or wherever you like. Scale your business and don’t lose sleep over regulations, frameworks, and compliance.
