Certifications

Since 2021, we have annually undergone SOC 2 Type II audits for operational effectiveness.

In January 2024, we successfully completed our SOC 2 Type II attestation for software development and ‘Run by Endava’ operations for the third year running. This achievement highlights our commitment to the most rigorous controls to ensure data security, availability and confidentiality.

The trust services criteria, developed by the American Institute of Certified Public Accountants (AICPA), are ‘gold standards’ for assessing service provider security, availability and confidentiality.

Our intelligent Quality Management System (QMS) is certified to ISO 9001. Through QMS, we ensure the quality of our digital products and services. Our quality assurance process is incorporated into our delivery framework, The Endava Adaptive Model (TEAM). Additionally, our internal audit process and cross-project reviews provide operational monitoring throughout projects to help ensure the highest quality delivery.

We have implemented and continue to uphold a robust Anti-Bribery Management System that fully meets the requirements of ISO 37001. In November 2024, we were proud to receive ISO 37001 certification for Endava UK, marking a significant milestone in our commitment to the highest standards of ethical conduct.

Our Anti-Bribery & Anti-Corruption Policy underscores Endava's unwavering stance of zero tolerance towards bribery and corruption, whether by our employees or any intermediaries acting on our behalf.

Endava is aware of the importance of ensuring its business operates consistently and reliably and continues to provide a high-quality service to all its clients even where situations arise that could cause temporary service interruptions. Therefore, Endava is committed to maintaining a robust and effective Business Continuity Management System as a key mechanism to restore and sustain continuity of key services in the event of a disruptive incident such as a regional conflict, pandemic outbreak or other disasters resulting from human or natural activities.

In line with this commitment, Endava has established a Business Continuity Management System (BCMS) certified under the international standard for business continuity, ISO 22301:2019. The company has created a framework for Business Continuity Management that requires development of specific plans at the critical location level and within IT Services to address significant disaster events effectively.

We continue to expand our Information Security Management System (ISMS) certification to ISO 27001 to all our delivery locations and activities. Successfully maintaining and extending the ISO 27001 attests to our robust security practices and comprehensive risk management approach.

The certification confirms the controls we have in place for the in-scope systems that are designed to mitigate risks, prevent unauthorised access, and maintain the confidentiality, integrity and availability of data.

Download our ISO 27001 certification for Endava UK Limited and contact us for certifications from other locations.

In April 2024, Endava became Cyber Essentials Certified. Cyber Essentials certifies organisations through annual assessments that they have the proper level of cyber security protection. This certification is backed by the UK government and overseen by the National Cyber Security Centre.

Our Berlin office (part of Endava GMBH) and Timisoara office (part of Endava Romania SRL) are registered Trusted Information Security Assessment Exchange (TISAX) participants. TISAX is an internationally recognised standard for data security in the automotive industry. TISAX is a registered trademark and governed by ENX Association.