A statement on social injustice. Click to read more.

ICF is committed to your data privacy

We respect the confidentiality of all personal data–whether regarding our clients, their stakeholders, our employees, our partners, or any other party. We take significant measures and precautions to protect their data.

To ensure we are doing our part, we’ve aligned our internal procedures and processes, data systems and document, and supplier relationships to comply with globally recognized data protection laws and regulation. Specifically, we primarily have addressed data protection by:

Ensuring our data protection practices adhere to strict industry standards.

  • We have undergone independent third-party audits to secure multiple certifications, including:
    • ISO 27001, which is an international standard that validates our ability to successfully manage information security.
    • SSAE 16, which attests to our ability to report on compliance controls.
    • SOC 2, which attests to our core corporate systems as they relate to trust services principles and criteria for security, including confidentiality, integrity, availability, processing, and privacy.

Establishing a data protection team, policies, processes, and procedures.

  • We appointed a Data Protection Officer in line with the requirements of the EU General Data Protection Regulation and established a global Data Protection Team. 
  • We established and implemented various data protection practices like Privacy by Design and Privacy by Default (PbDs), multi-factor authentication, transparent and comprehensive privacy statements, and risk mitigation and escalation protocols.

Requiring all ICF employees be trained in data protection.

  • We require all ICF employees to participate in extensive data protection awareness training and ensure appropriate resources are available. Key training topics include:
    • Global data protection laws and regulations, data subjects’ rights, ICF’s policies and procedures, and contractual obligations to ensure compliance.
    • Data protection concepts and how they fit into our daily operations.
    • ICF’s and employees’ duties for staying alert and vigilant when treating personal data and properly safeguarding personal data.
    • Employees’ and others’ rights as a data subject.
  • We provide supplemental, in-depth training for employees based on their roles to address duty-specific ways to safeguard personal data.

Maintaining rigorous monitoring of our vendors.

  • We monitor our vendors’ data protection compliance through rigorous data protection assessments.

Read our Data Protection whitepaper for more details on ICF’s Global Data Protection and ePrivacy program.

  • Privacy Statement
  • More about ICF