Back 
Netskope acknowledges the importance of meeting industry-standard, third-party, and international audit requirements for both our customers and ourselves. We conduct regular audits and maintain certifications aligned with the critical industry standards outlined here.
 | ISO 27001:2022 The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers, and data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touchpoint audits (surveillance audits). |
 | ISO 27017:2015 ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards. |
 | ISO 27018:2019 The International Organization for Standardization 27018 Standard (ISO 27018) covers privacy protections for the processing of personal information by cloud service providers. |
 | SOC 2 Type 2 Audit The SOC 2 is the AICPA standard for reporting on controls at service organizations, including Software-as-a-Service (SaaS) providers. Netskope completes a SOC 2 Type 2 audit by a nationally recognized auditor on an annual basis. The SOC 2 attestation covers the Security, Confidentiality, Processing Integrity, and Availability trust service principles. |
 | Health Insurance Portability and Accountability Act (HIPAA) HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information, and help the healthcare industry control administrative costs. |
 | Cloud Computing Compliance Controls Catalogue (C5) Cloud Computing Compliance Controls Catalogue (C5) is a German Government-backed attestation scheme introduced in Germany by the Federal Office for Information Security (BSI) to help organizations demonstrate operational security against common cyberattacks within the context of the German Government’s “Security Recommendations for Cloud Providers”. |
 | CSA STAR - Cloud Security Alliance The CSA Security, Trust and Assurance Registry (STAR) encompasses the key principles of transparency, rigorous auditing, harmonization of standards, with continuous monitoring. STAR consists of three levels of assurance, which currently cover four unique offerings, all based upon a succinct yet comprehensive list of cloud-centric control objectives in the CSA Cloud Controls Matrix (CCM). CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices, and regulations. CCM provides organizations with the needed structure, detail, and clarity relating to information security tailored to cloud computing. |
 | Information Security Registered Assessors Program The Information Security Registered Assessors Program (IRAP) enables Australian government customers to validate that appropriate controls are in place and determine the appropriate responsibility model for addressing the needs of the Australian Signals Directorate (ASD) Information Security Manual (ISM). |
 | UK Cyber Essentials Cyber Essentials is a United Kingdom government information assurance scheme that is operated by the United Kingdom National Cyber Security Center (NCSC). It encourages organizations to adopt good practices in information security. Cyber Essentials also includes an assurance framework and a simple set of security controls to protect information from threats coming from the internet. |
 | Spain’s National Security Scheme (ENS) Certificate The ENS was published by the "Royal Decree 3/2010 of 8 January, which regulates the National Security Framework in the field of Electronic Administration," which is mainly responsible for establishing the security policy in the use of electronic means through the basic principles and minimum requirements that adequately guarantee the security of the information processed. |
 | Data Privacy Framework Netskope has been certified under the Data Privacy Framework (DFD). The EU-U.S. and Swiss-U.S. Data Privacy Frameworks is designed by the U.S. Department of Commerce, European Commission and the Swiss Federal Administration to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union/EEA and Switzerland to the United States in support of transatlantic commerce. Netskope can confirm that it is compliant with the EU-U.S and Swiss-U.S. Data Privacy Frameworks (DPF). |
 | Payment Card Industry Data Security Standard (PCI DSS) PCI DSS is the global security standard for all entities that store, process, or transmit cardholder data. PCI DSS sets a baseline level of protection for consumers and helps reduce fraud and data breaches across the entire payment ecosystem. |
 | The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government initiative that standardizes security assessments for cloud services, ensuring they meet stringent federal security requirements. Netskope is proud to have achieved FedRAMP High authorization for our GovCloud platform, underscoring our commitment to providing secure, compliant solutions for handling the government’s most sensitive unclassified data. |
Our compliance efforts are reinforced through regular audits, assessments, and continuous monitoring to ensure that we not only meet but exceed regulatory requirements. With Netskope, you gain a trusted partner that prioritizes your privacy while enabling innovation and digital transformation.