A third-party or independent audit is becoming no less than a trend in the virtual private network industry. In fact, over five top VPN providers have already gone under extensive scrutiny by third-party auditors and, ultimately, received validation.

Since the audit is the new black these days, the press releases published by the audited VPN services are being picked up rapidly by news outlets and reputed publishers. You can find even the top review websites like the Forbes and the likes breaking the no-log audit news of the respective VPN providers.

However, picking up news and simply publishing them doesn't seem enough to a review website. Instead, the reviewer has gone a step beyond and reached out to the top No-Log certified VPN providers with its set of some technical queries.

The technical questionnaire that includes queries regarding the selection of the auditor, scope, and extent of the audit, additional steps to reassurance other than the audit and more were sent to different VPN providers. However, at the time of writing this blog, only PureVPN was proactive enough to respond to the completed questionnaire.

PureVPN Response on No-Log Audit

It has been long since the elite VPN provider, PureVPN, received zero-log certification. The VPN provider was evaluated by the auditors at Altius IT. It is a California-based independent auditing firm which has 25 years of experience in the audit and risk management sector.

PureVPN chooses Altius IT not only because of its extensive audit experience but also because the firm maintains professional certifications in the concerned area such as ISACA for CISA, CRISC & CGEIT. Moreover, the VPN provider states in the interview that the audit firm is known for its thoroughness as well as the strict audit practices that are in line with the standards defined and set by ISACA.

The VPN provider also claims that it was "an intensive end to end Audit." The auditor not only evaluated the systems and networks of the VPN service but also its configuration playbooks, APIs and, in fact, the entire data flow.

PureVPN further stated in its interview on the no-log audit that it is just one of the few steps it has taken to bolster its "commitment to true privacy." Moreover, in the recent few years, PureVPN privacy policy has been revamped, it now complies with the GDPR as well as zero-log claims.

A year back, the VPN provider also participated in a Bug-Bounty program where over 90,000 hackers and pen-testers try to find vulnerabilities in the systems.

Apart from the revelations listed here, PureVPN also answered some other technical questions asked by the review website. You can find the complete interview here.