HID Origo Regulatory Compliance

HID undergoes regular internal and external security audits of the organization and of all HID Origo platform components to ensure our solutions comply with industry security standards and best practices.

At HID Global we use Amazon services that are certified under the following assurance programs: SOC, PCI, ISMAP, FedRAMP, DoD CC SRG, HIPAA BAA, IRAP, MTCS, C5, K-ISMS, ENS High, OSPAR, HITRUST CSF, FINMA and GSMA. Further details can be viewed at Amazon’s compliance page: https://aws.amazon.com/compliance/services-in-scope/

HID Origo Services
API Gateway, DynamoDB, ElastiCache for Redis, RDS, S3 Glacier, VPC, Glue, Systems Manager, Athena, EBS, GuardDuty, SES, ACM, IAM, Application Load Balancer (ALB), Aurora, EC2, Kinesis Data Firehose, SNS, Config, IoT Core, Network Load Balancer (NLB), CloudFront, ECR, Kinesis Data Streams, SQS, Direct Connect, KMS, CloudWatch + Logs, ECS, MSK, S3, Fargate, Lambda


ISO 27001 logo

HID Global maintains an Information Security Management System, certified according to the ISO/IEC 27001 standard, to govern security controls for the development and ongoing operations of the HID Origo services, which include:

  • HID Origo Cloud Platform and Services:
    • HID Origo Mobile Identities
    • HID Origo Management Portal
    • HID Origo Connected Architecture
  • HID Authentication Service (AaaS)
  • HID Approve


CSA logo

HID Origo Cloud Services has also performed a self-assessment based on the Cloud Controls Matrix from the Cloud Security Alliance. The technical report covers the following domains:

  • Application and Interface Security
  • Audit Assurance and Compliance
  • Business Continuity Management and Operations Resilience
  • Change Control and Configuration Management
  • Data Security and Information Lifecycle Management
  • Datacenter Security
  • Encryption and Key Management
  • Governance and Risk Management


AICPA logo

HID Origo Mobile Identities has achieved SOC 2 Type 2 compliance.

  • Issued by the Association of International Certified Professional Accountants (AICPA), the Service and Organization Controls (SOC) standard covers security, availability, processing integrity, confidentiality and privacy related to the evaluated set of services.
  • This attestation implies that HID Origo Mobile Identities has been independently examined as being able to deliver upon service commitments in terms of the AICPA Trust Services Criteria relevant to security and availability.
  • Achieving SOC 2 Type 2 demonstrates that HID Origo Mobile Identities follows the defined process and industry best practices, maintains its infrastructure, protects the systems and ensures the product meets all types of deployments up to an enterprise level.



OWASP logo

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

NIST logo

The Secure Software Development Framework (SSDF) is a set of fundamental, sound, and secure software development practices based on established secure software development practice documents from organizations such as BSA, OWASP, and SAFECode.

BSA logo

The Software Alliance has developed The BSA Framework for Secure Software to fill that gap. The Framework offers an outcome-focused, standards-based risk management tool to help stakeholders in the software industry – developers, vendors, customers, policymakers, and others – communicate and evaluate security outcomes associated with specific software products and services.

BSIMM logo

Building Security In Maturity Model (BSIMM) is a study of current software security initiatives or programs. It quantifies the application security (appsec) practices of different organizations across industries, sizes, and geographies while identifying the variations that make each organization unique.