HashiCorp’s Security and Compliance Program Takes Another Step Forward
HashiCorp has renewed its SOC II Type II report for HCP Vault and HCP Consul, and obtained ISO 27017 and ISO 27018 certificates for its cloud products.
As we’ve long made clear, earning and maintaining our customers’ trust is of the utmost importance to us at HashiCorp.
This is especially true now that our offerings include multiple cloud-based products in addition to our enterprise products. With that in mind, we continue to enhance and mature our security program to function even better in a cloud-centric environment.
As evidence of our efforts, I’m pleased to share that we continue to maintain our existing security audit reports, and are expanding the scope of our program. We are including HCP Vault and HCP Consul as part of our SOC 2 Type II report and ISO 27001 certificate. Issued by an independent audit firm, SOC 2 Type II reports describe an organization’s system and assess the description of controls. The report includes the audit firm’s opinion and evaluates whether the organization’s controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period. ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS), which defines how we manage security in a holistic, comprehensive manner.
In addition, we have obtained ISO 27017 and ISO 27018 certificates for Terraform Cloud, HCP Vault, HCP Consul, and HashiCorp Consul Service on Microsoft Azure. ISO 27017 is a compliance framework that focuses on security controls for our cloud products, and ISO 27018 is a framework focusing on privacy controls for cloud products.
This achievement helps validate our commitment to security and compliance. We continue to take steps to earn and maintain our customers’ trust while working to make our security posture even more mature. For more information about HashiCorp security, please visit hashicorp.com/security.
As HashiCorp continues to expand and grow our security program, we plan to further expand the scope of our compliance program in 2022. Our audit reports and certificates are available to customers and prospects under NDA upon request.
Sign up for the latest HashiCorp news
More blog posts like this one
3 cybersecurity stories from 2024 that show what we need to do in 2025
The majority of attacks in 2025 aren’t going to be related to AI or use zero-days. They’ll continue to focus on the easiest exploits, including exposed credentials and user access patterns.
Fannie Mae’s process for developing policy as code with Terraform Enterprise and Sentinel
Learn how to implement the policy as code development lifecycle used in the highly regulated cloud environments at Fannie Mae.
Vault integrations with MongoDB, Private Machines, and walt.id strengthen customer security
Three new HashiCorp Vault ecosystem integrations extend security use cases for customers.