HashiCorp Achieves SOC 2 Type I Compliance
Earning and maintaining our customers’ trust is of the utmost importance to us at HashiCorp. Because of this we have invested heavily in security, and we are excited to share that HashiCorp has achieved SOC 2 Type I compliance for HashiCorp Terraform Enterprise, Vault Enterprise, Consul Enterprise, Nomad Enterprise, and Terraform Cloud.
Our security team, in collaboration with our product and engineering teams, is dedicated to ensuring that our products are designed, architected and developed with both the security of our products, and of our customers’ data in mind.
With the adoption of industry best practices for controls and processes throughout our environments and software development lifecycle, we strive for best-in-class security. This includes security awareness training for all employees, internal threat models, as well as external penetration testing, vulnerability management, security in the release cycle, and endpoint management.
Our security program was audited by an external third party against the AICPA Trust Service Principles, including Security, Availability and Confidentiality. This achievement validates our commitment as we strive to earn and maintain our customers’ trust, and, as we progress in our compliance journey, and pursuing SOC 2 Type II, along with ISO 27001, helps us mature our security posture. For more information about HashiCorp security, please visit hashicorp.com/security.
Our complete SOC 2 Type I audit report is available to customers and prospects under NDA upon request.
Sign up for the latest HashiCorp news
More blog posts like this one
HCP Terraform adds run queue visibility and new ephemeral workspace features
HCP Terraform and Terraform Enterprise gain new features related to ephemeral workspaces along with run queue visibility for HCP Terraform specifically.
Rotated vs. dynamic secrets: Which should you use?
Learn about the differences and similarities between automated secret rotation and dynamic secrets, and find out when to use each type.
Mitigate risk in regulated industries with HashiCorp Vault in Google Distributed Cloud
Learn how Google Distributed Cloud air-gapped private cloud service works with HashiCorp Vault to mitigate risk.