Third assurance by Deloitte confirms NordVPN’s commitment to privacy
Cybersecurity company NordVPN just confirmed its third no-log policy assurance engagement. Practitioners conducted a thorough analysis focused on the procedures and configurations of standard VPN, obfuscated, Double VPN, Onion Over VPN, and P2P servers as well as a server configuration and central infrastructure inspection. They found that NordVPN’s customers are provided with a VPN service compliant with its no-logs policy.
The assurance engagement was conducted by Deloitte, an industry-leading Big Four auditing firm, which independently examined NordVPN’s services and tested its no-logs claim. NordVPN’s first independent no-log audit was completed in 2018, followed by its second assessment in 2020, showing the company’s continuous commitment to privacy.
Here are some of the key take-aways from the audit:
- An in-depth review. The engagement process involved interviews with NordVPN employees as well as inspections of server configuration, technical logs, and other servers in our infrastructure. The tests covered our obfuscated, Double VPN, standard VPN, Onion Over VPN, and P2P servers.
- A point-in-time assessment. The practitioners can only report on what they saw when they were given access to our services. The assurance engagement was performed from November 21 to December 10, 2022.
- The results. During that point in time, the practitioners saw no signs that we violated our no-logs promise.
