What DeleteMe’s New ISO 27001 Certification Means for Your Privacy
Reuben Moretz
DeleteMe is now ISO 27001:2022 certified—an internationally recognized gold standard for information security. For our security team and our customers, that’s a big deal. Here’s why.
What is ISO 27001?
ISO 27001 is an internationally recognized standard for information security management; in plain English, it sets the bar for how organizations protect data. For DeleteMe customers, that includes all the data we use to give you agency over your online privacy.
This is not a self-reported certification. An independent third party audits your systems and signs off only when the evidence holds up. Think of it as a verified promise, not just a stated one.
What does it take to get an ISO 27001 certification?
Most organizations run on institutional habit — informal practices that live in people’s heads instead of where they belong: in documented processes. ISO 27001 fixes that. Certification requires formalizing your entire security operation: internal and external audits, staff training, and documented evidence that your policies are actually followed, not just written down.
Specifically, that means four things: a scope statement defining what we protect, a risk assessment identifying what we’re protecting against, a statement of applicability covering which of ISO 27001’s 93 controls apply to us, and evidence — logs, records, documentation — proving we do what we say we do.
Certification requires:
- A Scope Statement – What we protect
- A Risk Assessment – What we want to protect against
- A Statement of Applicability (SoA) – Which of ISO 27001’s 93 rules we are following
- Evidence – Logs, records, and other types of documentation that prove we actually do what our policies say
How long is DeleteMe’s ISO 27001 certification valid?
Three years — but that doesn’t mean three years of coasting. Annual audits are required throughout, and any gaps identified have to be corrected immediately. The certification stays only as long as the standards do.
Is ISO 27001 better than DeleteMe’s SOC 2 certification?
DeleteMe is already SOC 2-certified, so why is ISO 27001 important?
SOC 2 (System and Organization Controls 2) is a standard that the AICPA developed to evaluate internal security controls. SOC 2 demonstrates our commitment to managing customer data with the utmost privacy and security, but there are some key differences between SOC 2 and ISO 27001.
SOC 2 is U.S.-specific while ISO 27001 is international. SOC 2 is a look back at how well the organization’s security controls operated within a specific timeframe, while ISO 27001 is a look forward at how we intend to protect information security management systems.
SOC 2 also tends to be less rigid, allowing companies to establish their own controls rather than holding them to a strict standard. ISO 27001 requires strict adherence to specific requirements.
Lastly, the specifics of our SOC 2 compliance are to be shared only under a non-disclosure agreement and aren’t public-facing, whereas you can confirm our ISO 27001 compliance for yourself and view our status at any time.
Why is ISO 27001 necessary for DeleteMe?
To remove your data from broker sites, we need some of it first. When you sign up, that means your name, address, phone number, and financial information. We hold sensitive data in order to eliminate it — which means the security of what we hold is not an afterthought. It’s the whole point.
No security measures are absolute. But this certification is our documented, verified commitment that we take that responsibility seriously.
Before you go
We’ve protected our customers’ data since 2011, and that won’t change. The difference now is that you don’t have to take our word for it.
For more information on our practices, visit our security page or browse our FAQ.
In the meantime, stay safe out there.



