As the cloud security leader serving the world’s largest and most valuable customers, we have directed significant resources to ensure that our data centers, hardware, software, and processes are secure, redundant, meet the most rigorous standards, and deliver the high performance even our most stringent customers require.
Our Global Cloud Infrastructure and data center hosting providers employ state-of-the-art physical security controls and we regularly engage independent auditors to ensure the highest level of compliance with best-of-breed frameworks and standards.
AICPA SOC 2
Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance.
To request a copy of our SOC 2 report, please contact your account representative.
California Consumer Privacy Act
Netskope supports the customer’s compliance for Processing covered by the California Consumer Privacy Act of 2018 (the “CCPA”). To confirm applicable aspects of the CCPA in connection with Customer’s use of the Services, Netskope has provided this Compliance Statement. This notice supplements the Netskope Privacy Policy.
Center for Internet Security (CIS)
CIS is an independent, nonprofit organization with a mission to create confidence in the connected world. The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through their core competencies of collaboration and innovation. CIS is a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data.
Netskope CSPM has received CIS Benchmark Certification, specifically:
Cloud Computing Compliance Controls Catalog (C5)
Cloud Computing Compliance Controls Catalog (C5) is a German Government-backed attestation scheme introduced in Germany by the Federal Office for Information Security (BSI) to help organizations demonstrate operational security against common cyber-attacks within the context of the German Government’s “Security Recommendations for Cloud Providers”.
To request a copy of our C5 report, please contact your account representative.
CSA STAR Certification
The CSA Security, Trust and Assurance Registry (STAR) encompasses the key principles of transparency, rigorous auditing, and harmonization of standards, with continuous monitoring. STAR consists of three levels of assurance, which currently cover four unique offerings, all based upon a succinct yet comprehensive list of cloud-centric control objectives in the CSA’s Cloud Controls Matrix (CCM). CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing.
Data Privacy Framework (DPF) Program
The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.
For further information on Netskope’s participation in the program, please visit https://www.netskope.com/privacy-policy
FedRAMP
FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The program enables government agencies to adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT.
Learn more about Netskope’s Authorization.
As part of its Health Insurance Portability and Accountability Act (HIPAA) compliance program, Netskope has been assessed against the controls in place to satisfy the requirements of the HIPAA Security Rule, as well as the requirements of the HIPAA Breach Notification Rule as formalized by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and the Omnibus Rule of 2013.
To request a copy of our HIPAA Assessment Report, please contact your account representative.
IPv6
Netskope, in support of the Office of Management and Budget’s memorandum 21-07 with specific focus on IPv6 support. For any questions or queries or to request a copy of Netskope IPv6 support, please contact us.
Infosec Registered Assessors Program (IRAP)
IRAP endorses individuals from the private and public sectors to provide security assessment services.
ASD endorses suitably-qualified cyber security professionals to provide relevant services which aim to secure broader industry and Australian Government systems and data.
Endorsed IRAP assessors assist in securing your systems and data by independently assessing your cyber security posture, identifying security risks and suggesting mitigation measures.
To request a copy of Netskope’s IRAP Assessment letter, please contact your account representative.
ISO 27001
The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers and data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touch point audits (surveillance audits).
To request our ISO 27001 Certificate, please contact your account representative.
ISO 27017
ISO/IEC 27017 is a security standard developed for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems.
To request the ISO 27017 certification, please contact your account representative.
ISO 27018 Certified
The International Organization for Standardization 27018 Standard (ISO 27018) covers privacy protections for the processing of personal information by cloud service providers.
To request our ISO 27018 Certificate, please contact your account representative.
National Security Scheme (High category)
Netskope is certified in the High category of the National Security Scheme (Esquema Nacional de Seguridad). This certification defines the security standards that apply to all government agencies and public organisations in Spain, as well as the service providers on which public services depend.
Click here to see our certification.
UK Cyber Essentials
Cyber Essentials is a United Kingdom government information assurance scheme that is operated by the United Kingdom National Cyber Security Centre (NCSC). It encourages organisations to adopt good practice in information security. Cyber Essentials also includes an assurance framework and a simple set of security controls to protect information from threats coming from the internet.
To request the UK Cyber Essentials certification, please contact your account representative.
VPAT 508
Federal agencies subject to Section 508 are required to report on the implementation of Section 508. The Office of Management and Budget (OMB), in consultation with the General Services Administration (GSA) and the U.S. Access Board (USAB), has updated criteria and instructions for agency response.
To request the Netskope VPAT, please contact your account representative.
Netskope’s Customer Data Processing Addendum (DPA)
View Netskope’s Customer Data Processing Addendum (DPA)
To execute Netskope’s Customer DPA please follow the instructions on page 1 of the DPA. Please return an executed copy of the DPA to [email protected].
For any questions or queries or to request a copy of the DPA in an alternative format, please contact [email protected].
A data-centric, contextualized, digital and cyber risk strategy is imperative to your success. To help ensure the strength of your security program, we offer complimentary consultations with our top strategy experts for qualifying customers.
We take our responsibility to protect our customers’ information and the services we provide to them very seriously. Here, you may learn about our process and disclosed vulnerabilities.
The Privacy Statement describes how Netskope collects, uses, shares, and secures the personal information you provide. It also describes your choices regarding use, access and correction of your personal information.
The Vulnerability Disclosure Policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.
The Shared Security Responsibility Model can help relieve the customer’s operational burden as Netskope operates and manages the required Netskope infrastructure for customer environments. Customers assume the responsibility and management of their owned assets ensuring these meet their own policies and control environment requirements.