Skip to main content

Security Overview

Understand Konfir’s security model, controls, certifications, and trust documentation in one place.

Jacob avatar
Written by Jacob
Updated over 2 weeks ago

Konfir is designed to handle employment and income verification data securely and transparently. Our platform replaces manual, high-risk verification processes (such as email-based referencing) with a consent-driven workflow that applies modern security controls and clear access governance.

Disclaimer: This article provides a high-level overview of Konfir’s security approach. For formal assurance materials, certifications, and legal terms, refer to: https://www.konfir.com/client/security. This includes links to:

  • Organisation Terms

  • End User Terms

  • Privacy Notice

  • Subprocessors

  • Retention Schedule

  • ISO27001 and UKDIATF certificates

  • Information Security Position Statement


Security principles

Konfir’s security model is built around a few consistent principles:

  • Secure by default - sensible defaults reduce setup and operational risk

  • Least privilege - users only get the access they need

  • Auditability - key actions are attributable and reviewable

  • Data minimisation - only the data required for verification is processed


Core security measures

Konfir secures verification data through multiple reinforcing layers, including:

  • Encryption - in transit and at rest

  • Role-based access controls within customer workspaces

  • Monitoring and audit logging to detect anomalous behaviour

  • Operational security testing and vulnerability management

  • Industry-standard cloud infrastructure designed for secure, resilient operation


Access and workspace security

Access to Konfir workspaces (Konsole) is governed by:

  • Workspace roles and permissions

  • Admin approval workflows for access requests

  • Optional Multi-Factor Authentication (MFA)

To understand what your organisation should do to manage workspace access safely, see: Your security responsibilities


Compliance and assurance

Konfir maintains security and trust controls aligned with recognised frameworks and standards, which may include:

  • ISO 27001

  • UK Digital Identity & Attributes Trust Framework (UKDIATF)

  • UK GDPR and applicable data protection law

Certificates and formal documentation are available via: https://www.konfir.com/client/security

Did this answer your question?