At CircleCI, we care about security - in 2018, we became the first CI/CD tool to meet the rigorous security and privacy standards required by government agencies to get FedRAMP authorized. Now, CircleCI is SOC 2 Type II certified, adding another industry-recognized security accreditation.

What is SOC 2 Type II?

SOC 2 Type II certification is a component of the American Institute of CPAs (AICPA)’s Service Organization Control reporting platform. SOC 2 Type II provides us with an opportunity to meet (and exceed) industry standards and gives our users access to industry-recognized, standardized reports that they can compare across services in our space. Our certification means that we have put in place and follow the procedures and policies necessary to reduce our risks, and our processes can be requested and audited.

What this means for CircleCI users

CircleCI is now in a position to provide SOC 2 Type II and FedRAMP Appendix B reports as of October 22, 2020 (October 14, 2019, for FedRAMP). These reports outline our policies for organizational oversight, vendor management, internal corporate governance and risk management processes, and regulatory oversight. They cover everything from how we encrypt our customer’s data to how we train our employees. Our users’ trust in us is very important so it is imperative that we provide them with visibility into our security escalation and incident reporting processes. This allows our users to have confidence in using our product, knowing that their data is protected.

At CircleCI, it’s vitally important to us to take care of your data so that you can remain focused on building the best product for your users. With our SOC 2 Type II certification, we are proud to formalize this commitment to you, our users.

To request a copy of our SOC 2 Type II or FedRAMP Appendix B report, please reach out to us here.