HashiCorp’s Security and Compliance Program Takes Another Step Forward
HashiCorp has renewed its SOC II Type II report for HCP Vault and HCP Consul, and obtained ISO 27017 and ISO 27018 certificates for its cloud products.
As we’ve long made clear, earning and maintaining our customers’ trust is of the utmost importance to us at HashiCorp.
This is especially true now that our offerings include multiple cloud-based products in addition to our enterprise products. With that in mind, we continue to enhance and mature our security program to function even better in a cloud-centric environment.
As evidence of our efforts, I’m pleased to share that we continue to maintain our existing security audit reports, and are expanding the scope of our program. We are including HCP Vault and HCP Consul as part of our SOC 2 Type II report and ISO 27001 certificate. Issued by an independent audit firm, SOC 2 Type II reports describe an organization’s system and assess the description of controls. The report includes the audit firm’s opinion and evaluates whether the organization’s controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period. ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS), which defines how we manage security in a holistic, comprehensive manner.
In addition, we have obtained ISO 27017 and ISO 27018 certificates for Terraform Cloud, HCP Vault, HCP Consul, and HashiCorp Consul Service on Microsoft Azure. ISO 27017 is a compliance framework that focuses on security controls for our cloud products, and ISO 27018 is a framework focusing on privacy controls for cloud products.
This achievement helps validate our commitment to security and compliance. We continue to take steps to earn and maintain our customers’ trust while working to make our security posture even more mature. For more information about HashiCorp security, please visit hashicorp.com/security.
As HashiCorp continues to expand and grow our security program, we plan to further expand the scope of our compliance program in 2022. Our audit reports and certificates are available to customers and prospects under NDA upon request.
Sign up for the latest HashiCorp news
More blog posts like this one

HashiCorp at Microsoft Build 2025: New products to automate, secure, and scale on Azure
Learn about the latest news from the HashiCorp and Microsoft ecosystems as we kick off Microsoft Build 2025 this week.

Why adopt HCP Vault Radar
HCP Vault Radar, enables teams to move from reactive firefighting to proactive secret remediation and management.

HCP Terraform adds public Terraform module and provider management via organizations
You can now manage your Terraform Registry artifacts within your HCP Terraform organization, simplifying and securing the ownership and management process.