HashiCorp’s Security and Compliance Program Takes Another Step Forward

As we’ve long made clear, earning and maintaining our customers’ trust is of the utmost importance to us at HashiCorp.

This is especially true now that our offerings include multiple cloud-based products in addition to our enterprise products. With that in mind, we continue to enhance and mature our security program to function even better in a cloud-centric environment.

As evidence of our efforts, I’m pleased to share that we continue to maintain our existing security audit reports, and are expanding the scope of our program. We are including HCP Vault and HCP Consul as part of our SOC 2 Type II report and ISO 27001 certificate. Issued by an independent audit firm, SOC 2 Type II reports describe an organization’s system and assess the description of controls. The report includes the audit firm’s opinion and evaluates whether the organization’s controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period. ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS), which defines how we manage security in a holistic, comprehensive manner.

In addition, we have obtained ISO 27017 and ISO 27018 certificates for Terraform Cloud, HCP Vault, HCP Consul, and HashiCorp Consul Service on Microsoft Azure. ISO 27017 is a compliance framework that focuses on security controls for our cloud products, and ISO 27018 is a framework focusing on privacy controls for cloud products.

This achievement helps validate our commitment to security and compliance. We continue to take steps to earn and maintain our customers’ trust while working to make our security posture even more mature. For more information about HashiCorp security, please visit hashicorp.com/security.

As HashiCorp continues to expand and grow our security program, we plan to further expand the scope of our compliance program in 2022. Our audit reports and certificates are available to customers and prospects under NDA upon request.