Compliance-first, verified by independent audit.
ASTERIA KYC holds six ISO certifications covering information security, privacy management, AI governance, cloud security, cloud privacy, and liveness detection. Each certification is audited annually by an accredited external certification body.
Six certifications. One compliance-first platform.
ISO certification is the internationally recognised standard for documenting and verifying management system controls. ASTERIA KYC is certified across the full range of domains relevant to regulated identity infrastructure.
ISO/IEC 27001
Certified 2023 · Annual Audit
Information Security Management
The international standard for information security management systems. Covers security controls, risk assessment, and incident management across all data processing operations.
ISO/IEC 27701
Certified 2023 · Annual Audit
Privacy Information Management
Extension of ISO 27001 covering privacy information management for PII controllers and processors. GDPR alignment documentation included. DPA available on request.
ISO/IEC 42001
Certified 2024 · Annual Audit
AI Management System
The first international standard for AI management systems. Covers AI risk assessment, governance, transparency, and accountability for AI-driven decision-making in KYC processes.
ISO/IEC 27017
Certified 2023 · Annual Audit
Cloud Security Controls
Cloud-specific information security controls extending ISO 27001 for cloud service providers and cloud customers. Covers shared responsibility model, virtual machine protection, and cloud-specific access management.
ISO/IEC 27018
Certified 2023 · Annual Audit
Cloud Privacy Protection
Code of practice for protection of personally identifiable information in public cloud computing environments. Covers data use, disclosure, retention, and transfer for cloud-hosted PII.
ISO/IEC 30107-3
Certified 2024 · Annual Audit
Liveness Presentation Attack Detection
The international standard for biometric presentation attack detection. Certifies that the ASTERIA KYC liveness detection system meets the required performance levels for all defined attack categories.
GDPR-native architecture, not a retrofit.
ASTERIA KYC was designed around GDPR requirements from the ground up — data minimisation, purpose limitation, and retention controls are platform features, not policy overlays.
Lawful Basis Documentation
Every processing activity has a documented Article 6 lawful basis. Processing records available for DPA and regulatory review.
Data Minimisation
Only the data required for the specific verification purpose is collected and retained. No speculative data collection or secondary use without documented basis.
Data Subject Rights
Erasure, access, and portability request handling built into the platform. Configurable retention periods with automated deletion.
Cross-Border Transfer Controls
Standard Contractual Clauses and adequacy decision coverage for data transfers. Data residency options available for EU, UK, and APAC customers.
Your data stays where you need it.
ASTERIA KYC offers data residency options for customers with jurisdiction-specific data location requirements.
🇪🇺 European Union
Data processed and stored within EU-region infrastructure. ISO 27017 certified cloud environment. GDPR adequacy confirmed.
🇬🇧 United Kingdom
Data processed and stored within UK-region infrastructure. UK GDPR compliant. UK adequacy decision maintained.
🌏 Asia Pacific
APAC data residency available for Singapore, Japan, and Australia. Regional infrastructure with local compliance documentation on request.
Ready to turn identity verification into a controlled compliance workflow?
Use ASTERIA KYC to verify users, screen risk, and preserve evidence from one connected platform.