HashiCorp Achieves SOC 2 Type I Compliance
Earning and maintaining our customers’ trust is of the utmost importance to us at HashiCorp. Because of this we have invested heavily in security, and we are excited to share that HashiCorp has achieved SOC 2 Type I compliance for HashiCorp Terraform Enterprise, Vault Enterprise, Consul Enterprise, Nomad Enterprise, and Terraform Cloud.
Our security team, in collaboration with our product and engineering teams, is dedicated to ensuring that our products are designed, architected and developed with both the security of our products, and of our customers’ data in mind.
With the adoption of industry best practices for controls and processes throughout our environments and software development lifecycle, we strive for best-in-class security. This includes security awareness training for all employees, internal threat models, as well as external penetration testing, vulnerability management, security in the release cycle, and endpoint management.
Our security program was audited by an external third party against the AICPA Trust Service Principles, including Security, Availability and Confidentiality. This achievement validates our commitment as we strive to earn and maintain our customers’ trust, and, as we progress in our compliance journey, and pursuing SOC 2 Type II, along with ISO 27001, helps us mature our security posture. For more information about HashiCorp security, please visit hashicorp.com/security.
Our complete SOC 2 Type I audit report is available to customers and prospects under NDA upon request.
Sign up for the latest HashiCorp news
More blog posts like this one

Streaming HCP Vault audit logs to Amazon CloudWatch for secure, real-time visibility
Learn how to automatically stream HCP Vault Dedicated audit logs into Amazon CloudWatch for real-time monitoring and compliance.

Anonymize RAG data in IBM Granite and Ollama using HCP Vault
Learn how to configure tokenization and masking with HCP Vault's transform secrets engine for data and pass it to IBM Granite, Ollama, and Open WebUI for RAG.

HashiCorp Vault and FIPS 140-3: Strengthening security and compliance
HashiCorp Vault now supports FIPS 140-3, the latest NIST standard for cryptographic modules.