NordVPN, a leading cybersecurity company, underwent an independent audit at the end of 2024 to maintain transparency and trust. The review was carried out by Deloitte, one of the Big Four firms, which had full access to NordVPN’s services for a month.
Trust and Privacy
For the fifth time in NordVPN’s history, independent auditors have verified the company’s commitment to not retaining user data, in line with its privacy promises.
“Customer trust underpins everything we do in cybersecurity. Trust is hard to earn and we never take it for granted. To maintain it, we continuously innovate and improve our world-class security products and we stand by our promise not to monitor or store our users’ traffic. Having this confirmed for the fifth time by an independent, globally respected auditor shows that privacy is more than a buzzword at NordVPN,” says Marijus Briedis, CTO of NordVPN.
Scope and Execution of the Audit
During the independent audit, Deloitte interviewed NordVPN employees and inspected server infrastructure and logs. They had access to NordVPN’s services from November 18 to December 20, 2024, and reviewed privacy-relevant configuration settings and deployment processes for standard VPN, Double VPN, Onion Over VPN, obfuscated servers, and Peer-to-Peer (P2P) servers.
Standards and Assessment
The evaluation of NordVPN’s IT configuration and management was performed in accordance with the International Standard on Assurance Engagements 3000 (Revised) (ISAE 3000), as established by the International Auditing and Assurance Standards Board (IAASB).
Previous Independent Audits
NordVPN’s first independent assessment took place in 2018, followed by additional evaluations in 2020, 2022 and 2023. The latter two were conducted by Deloitte. The December 2024 audit represents the company’s fifth independent review.
Access to the Full Audit Report
The complete audit report is available to read on NordVPN’s website.