COMPLIANCE AT CYBERARK
CyberArk is committed to leading compliance and regulatory measures designed to ensure that our business is compliant and your data is safe.
COMPLIANCE PROGRAM
CyberArk has obtained the following accreditations to provide independent assurance that our programs, products and services meet industry standards for security:
ISO 27001
International standard for managing information security. ISO details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).
SOC 2 Type 2
These reports help our customers and their auditors understand the controls CyberArk has established to support operations and compliance. CyberArk has achieved SOC 2 Type 2 certifications for many of our SaaS products.
CSA STAR Certification
Founded in 2013 by the Cloud Security Alliance, the Security Trust Assurance and Risk (STAR) registry encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices.
SOC 3 Reports
A public facing report demonstrating CyberArk has met the AICPA Trust Services Security, Availability, and Confidentiality Criteria.
ISO 27017:2015
International standard for managing information security for cloud services, supplementing guidance from the ISO 27001 standard with specific guidelines for security controls in a cloud environment.
ISO 27018:2019
International standard for managing the security and privacy of Personally Identifiable Information (PII) within a cloud environment. This standard outlines how cloud service providers can assess risk and implement controls protecting PII.
CyberGRX
CyberGRX operates the world’s largest cyber risk exchange with over 250,000 participants. CyberArk participates in the CyberGRX Global Risk Exchange via an annual validated assessment. CyberArk customers can leverage our CyberGRX report to reduce their supplier due-diligence burden. CyberGRX assessments apply a dynamic and comprehensive approach to third party risk assessment, replacing outdated static spreadsheets as well as the need to repetitively request access to CyberArk’s assessment each year. The latest report can be accessed through CyberGRX’s Exchange Portal.
Supply Chain Security Program
CyberArk policies are designed to ensure that engagements with third parties are, where applicable, subject to a review and approval process by CyberArk, continuously monitored, and required to comply with security requirements as a condition of their engagement.
Internal & External Audit
CyberArk performs comprehensive security audits in partnership with leading audit firms on an annual basis. Additional risk-based internal audits are performed and reported to the Audit Committee as needed. All outputs are fed into a continuous improvement work plan which helps CyberArk continue sharpen our greater security program.
>72% of the Top 25 Fortune 500 Companies
Choose CyberArk across all industries
Insurance
80%
Financial
92%
Pharmaceutical
72%
Energy
84%
Manufacturing
84%
Telecom
80%
STILL HAVE SECURITY QUESTIONS?
Learn more with supporting resources.
