At CircleCI, we care about security - last year, we became the first CI/CD tool to meet the rigorous security and privacy standards required by government agencies to get FedRAMP authorized. Now, CircleCI is SOC 2 compliant, adding another industry-recognized security accreditation.

What is SOC 2?

SOC 2 compliance is a component of the American Institute of CPAs (AICPA)’s Service Organization Control reporting platform. SOC 2 provides us with an opportunity to meet (and exceed) industry standards and gives our users access to industry-recognized, standardized reports that they can compare across services in our space. Our compliance means that we have put in place and follow the procedures and policies necessary to reduce our risks, and our processes can be requested and audited.

What this means for CircleCI users

CircleCI is now in a position to provide SOC 2 Type I and FedRAMP Appendix B reports as of November 1, 2019 (October 14, 2019, for FedRAMP). Our SOC 2 Type 2 report will be available in one year. These reports outline our policies for organizational oversight, vendor management, internal corporate governance and risk management processes, and regulatory oversight. They cover everything from how we encrypt our customer’s data to how we train our employees. Our users’ trust in us is very important so it is imperative that we provide them with visibility into our security escalation and incident reporting processes. This allows our users to have confidence in using our product, knowing that their data is protected.

At CircleCI, it’s vitally important to us to take care of your data so that you can remain focused on building the best product for your users. With our SOC 2 compliance, we are proud to formalize this commitment to you, our users.

To request a copy of our SOC 2 Type I or FedRAMP Appendix B report, please reach out to us here.