Certifications

In January 2025, we achieved our fourth consecutive SOC 2 Type II attestation covering both software development and our ‘Run by Endava’ operations.

System and Organization Controls (SOC) 2 is a comprehensive reporting framework put forth by the American Institute of Certified Public Accountants (AICPA) in which independent, third-party auditors carry out an assessment and subsequent testing of controls relating to the Trust Services Criteria (TSC) of security, availability, processing integrity, confidentiality and privacy.

Endava’s Quality Management System (QMS) is certified to the ISO 9001 standard. Our QMS is embedded within the Endava Adaptive Model (TEAM) and ensures consistent delivery of high-quality digital products and services. Internal audits and cross-project reviews provide continued monitoring and improvement throughout the project lifecycle, helping us uphold the highest standards in delivery excellence.

We continue expanding the reach of our environmental management system and reinforcing our commitment to responsible, sustainable operations.

In FY2025, we successfully completed the supervision audit for the ISO 14001 certification in 9 locations across Romania and Moldova, ensuring ongoing compliance. In December 2025 our UK legal entity also achieved the ISO 14001 certification, further strengthening the consistency of our environmental practices.

We have implemented and continue to uphold a robust Anti-Bribery Management System that fully meets the requirements of ISO 37001. In November 2024, we were proud to receive ISO 37001 certification for Endava UK, marking a significant milestone in our commitment to the highest standards of ethical conduct.

Our Anti-Bribery & Anti-Corruption Policy underscores Endava's unwavering stance of zero tolerance towards bribery and corruption, whether by our employees or any intermediaries acting on our behalf.

Our Business Continuity Management System (BCMS) is certified to the ISO 22301:2019 international standard on Business Continuity, affirming our commitment to proactive continuity planning and resilience. The BCMS encompasses detailed continuity plans for our people, processes and technologies across our global operations.

Recognising the growing complexity of hybrid work environments, our strategy addresses location-independent risks such as cyber threats, geopolitical instability, natural disasters and local infrastructure vulnerabilities. These risk assessments are integrated in our mitigation strategies to ensure continuity of service under a range of scenarios.

We are actively expanding our Information Security Management System (ISMS) in alignment with the ISO 27001 standard across our global delivery locations. At the end of June 2025, approximately 60% of Endava legal entities achieved the ISO 27001 certification.

This certification attests to the strength of our security practices, demonstrating robust controls that are designed to mitigate risks, prevent unauthorised access, and protect confidentiality, integrity and availability of data across our systems.

Download our ISO 27001 certification for Endava UK Limited and contact us for certifications from other locations.

Since April 2024, Endava has maintained Cyber Essentials Certification, a UK government backed programme administered by the National Cyber Security Centre. The certification confirms that we meet fundamental cyber security requirements and are protected against a wide range of common cyber threats. We successfully renewed our certification in April 2025, underscoring our ongoing commitment to security best practices.

Our Berlin office (part of Endava GMBH) and Timisoara office (part of Endava Romania SRL) are registered Trusted Information Security Assessment Exchange (TISAX) participants. TISAX is an internationally recognised standard for data security in the automotive industry. TISAX is a registered trademark and governed by ENX Association.