ICF is committed to your data privacy

We respect the confidentiality of all personal data–whether regarding our clients, their stakeholders, our employees, our partners, or any other party. We take significant measures and precautions to protect their data.

Among other things, we have aligned our internal procedures and processes, data systems and document, and supplier relationships to comply with globally recognized data protection laws and regulation. Specifically, we primarily have addressed data protection by:

Ensuring our data protection practices adhere to strict industry standards.

  • We have undergone independent third-party audits to secure multiple certifications, including:
    • ISO 27001, which is an international standard that validates our ability to successfully manage information security.
    • SSAE 16, which attests to our ability to report on compliance controls.
    • SOC 2, which attests to our core corporate systems as they relate to trust services principles and criteria for security, including confidentiality, integrity, availability, processing, and privacy.

Establishing a data protection team, policies, processes, and procedures.

  • We have appointed a Data Protection Officer for our offices in the European Union and the United Kingdom in line with the requirements of the EU 
    General Data Protection Regulation.  We have also established a global Data Protection Team.
  • We have established and implemented various data protection practices like Privacy by 
    Design and Privacy by Default (PbDs), multi-factor authentication, transparent and comprehensive privacy statements, and risk mitigation and escalation protocols. 

Requiring all ICF employees be trained in data protection.

  • We require all ICF employees to participate in extensive data protection awareness training and ensure appropriate resources are available. Key training topics include:
    • Global data protection laws and regulations, data subjects’ rights, ICF’s policies and procedures, and contractual obligations to ensure compliance.
    • Data protection concepts and how they fit into our daily operations.
    • ICF’s and employees’ duties for staying alert and vigilant when treating personal data and properly safeguarding personal data.
    • Employees’ and others’ rights as a data subject.
  • We provide supplemental, in-depth training for employees based on their roles to address duty-specific ways to safeguard personal data.

Maintaining rigorous monitoring of our vendors.

  • We monitor our vendors’ data protection compliance through rigorous data protection assessments.

For further information, see our Privacy Statement.

More about ICF