Our Certifications

ISO 27001 – Information Security Management System

ISO 27001 is the world’s best-known standard for information security management systems (ISMS).
The ISO 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system.
Conformity with ISO 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles established in this International Standard.


SOC 1 – Type 2 Reports covering internal controls over financial reporting systems

These reports, written as per AT-C section 320 (Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting), are specifically intended to meet the needs of entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors) to assess the effect of the service organization controls on the user entities’ financial statements.


SOC 2 – Type 2 report covering Security, Availability, Integrity, Confidentiality, and Privacy

These reports are intended to meet the needs of a broad range of users that require detailed information and assurance about the controls related to the security, availability, and processing integrity of the systems a service organization uses to process users’ data, as well as the confidentiality and privacy of the information processed by these systems. These reports can play a crucial role in:

  • The overview of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

PCI – Validation of controls around cardholder data to reduce credit card fraud

Created in 2006 by the Payment Card Industry Security Standards Council, this certification was initially established by the American Express, Discover, JCB, MasterCard, and Visa networks.

The main goal of PCI Compliance is to guarantee the security of sensitive data in financial transactions using cards in virtual environments.

The PCI DSS certification is thus mandatory for all companies that process, store, and share credit and/or debit card data over the internet.


DPF – Data Privacy Framework

The DPF is a certification designed to ease transatlantic commerce by providing US organizations with reliable mechanisms for personal data transfers from European countries to the United States. As such, it is essentially a program composed of a number of mechanisms for international transfers of personal data. It comes from the European Commission’s adequacy decision for the EU-U.S.

VTEX U.S. is certified under all 3 DPF Programs:

  • The EU-U.S. Data Privacy Framework (EU-U.S. DPF),
  • The UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), and
  • The Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

The VTEX Data Privacy Framework Verification Seal is available here.

The VTEX Data Privacy Framework Certification is publicly available at the DPF Program website.