Veracode delivers an application security service that is end to end, built for scale, and works to systematically reduce application security risks. But Veracode recognizes that customers need assurance that its services are delivered securely and assurance that customer binaries and analysis results remain confidential.
This page outlines the certifications Veracode has received that attest to our efforts to secure our customers' information. Click on the SysTrust seal below to access the Veracode SysTrust report.
Veracode has received a SOC 2 Type II attestation report evidencing that appropriate internal controls are in place relating to the security, availability and confidentiality of customer information within our environment.
The SOC 2 Type II report represents that Veracode, as a service organization, has been through an independent examination and evaluation of our control activities as they relate to applicable Trust Services Principles and Criteria (2017) defined by the AICPA.
Veracode’s SOC 2 Type II Report includes Veracode’s system description and provides an assurance that controls implemented by Veracode were suitably designed to meet or exceed the prescribed criteria for applicable trust principles, including detailed testing of the design and operating effectiveness of controls for:
Security: The system is protected against unauthorized access (both physical and logical);
Availability: The system is available for operation and use as committed or agreed; and
Confidentiality: Information designated as confidential is protected as committed or agreed.
The SOC 2 report is for limited distribution and shared under non-disclosure agreement (NDA). Please direct all requests through your Veracode Account Executive, Account Manager or Customer Service Representative.
Veracode has certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov. To view Veracode’s current self-certification, please visit https://www.privacyshield.gov/list.
The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP is the result of close collaboration with cybersecurity and cloud experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry.