ICF is committed to your data privacy

We respect the confidentiality of all personal data–whether regarding our clients, their stakeholders, our employees, our partners, or any other party. We take significant measures and precautions to protect their data.

We have a comprehensive data protection program with consistent global privacy standards to ensure we meet our obligations across the countries and regions where we operate. Our policies and procedures are built on a strong foundation of internationally accepted privacy principles of transparency, accountability, and individual rights. We seek to continuously improve and enhance our framework and carry on our tradition of upholding high standards in collecting and processing personal data across our business practices and services.

We have undergone independent third-party audits to secure multiple certifications, including:

  • ISO 27001 validates that ICF’s Information Security Management System preserves the confidentiality, integrity, and availability of information by applying a risk management process and adhering to the ISO27001/27002 standards and information security best practices.
  • Statement on Standards for Attestation Engagements (SSAE) 18 Service Organization Control 2 (SOC2) – a standard for evaluating internal controls that attests to our core corporate pertaining to trust services principles and criteria for security, confidentiality, integrity, availability, processing, and privacy.
  • National Institute of Standards and Technology (NIST) guidelines and standards are utilized to enhance the organization’s security strength and posture.
  • Cyber Essentials Plus is a UK Government backed process that utilizes third-party validation of ICF’s security controls to provide certification that ensures adequate security controls based on the standard.

For more information regarding our data protection program, please see our white paper and our Privacy Statement.

More about ICF