HashiCorp Achieves SOC 2 Type I Compliance
Earning and maintaining our customers’ trust is of the utmost importance to us at HashiCorp. Because of this we have invested heavily in security, and we are excited to share that HashiCorp has achieved SOC 2 Type I compliance for HashiCorp Terraform Enterprise, Vault Enterprise, Consul Enterprise, Nomad Enterprise, and Terraform Cloud.
Our security team, in collaboration with our product and engineering teams, is dedicated to ensuring that our products are designed, architected and developed with both the security of our products, and of our customers’ data in mind.
With the adoption of industry best practices for controls and processes throughout our environments and software development lifecycle, we strive for best-in-class security. This includes security awareness training for all employees, internal threat models, as well as external penetration testing, vulnerability management, security in the release cycle, and endpoint management.
Our security program was audited by an external third party against the AICPA Trust Service Principles, including Security, Availability and Confidentiality. This achievement validates our commitment as we strive to earn and maintain our customers’ trust, and, as we progress in our compliance journey, and pursuing SOC 2 Type II, along with ISO 27001, helps us mature our security posture. For more information about HashiCorp security, please visit hashicorp.com/security.
Our complete SOC 2 Type I audit report is available to customers and prospects under NDA upon request.
Sign up for the latest HashiCorp news
More blog posts like this one

Why we need short-lived credentials and how to adopt them
Go from static credentials, to auto-rotation, to fully ephemeral “dynamic” credentials with two example roadmaps and see why short-lived credentials are so important.

Configuring dynamic secrets for a PostgreSQL and GitLab CI using HashiCorp Vault
Learn how to set up and issue short-lived credentials for a PostgreSQL database and in a GitLab CI pipeline with Vault, a secrets management platform.

Preventative beats reactive: Modern risk management for infrastructure vulnerabilities
Vulnerability scanning is a last line of defense. Your first line should be preventative risk management strategies that shift security left and narrow the window for exploits.