null

GitHub has SOC 1 and SOC 2 Type 2 reports

Image of David Walton

GitHub continues to invest in security best practices to make sure your data stays safe, your developers are productive, and your team can focus on solving problems. Today we’re excited to share that GitHub has achieved both the AICPA Service Organization Controls (SOC) 1 and SOC 2 Type 2 compliance for GitHub Enterprise Cloud. 

For our international customers, we’ve maintained compliance with two IAASB International Standards on Assurance Engagements: the ISAE 3000 and 3402.  

If you are currently using GitHub Enterprise Cloud, you may request copies of the Type 2 audit reports through your support team. The audits do not apply to GitHub Enterprise Server.

Learn more about Service Organization Controls reporting at GitHub

Our focus on your security

We’re proud of this milestone, but security is an ongoing effort. GitHub’s information security program is continually focused on providing the best software development platform for engineers around the world.  We’re committed to providing GitHub Enterprise Cloud customers and their auditors with appropriate levels of assurance that their data is safe and secure on GitHub.com. The SOC and ISAE reports, our FedRAMP Tailored LiSaaS ATO, and the Cloud Security Alliance CAIQ are just a few ways we assure our safeguarding of your data.

Join us at GitHub Universe

Our largest product and community conference is returning to the Palace of Fine Arts in San Francisco, November 13-14. Hear what's next for the GitHub platform, find inspiration for your next project, and connect with developers who are changing the world.

Get tickets

GitHub Actions now supports CI/CD

GitHub Actions makes it easier to automate how you build, test, and deploy your projects on any platform, including Linux, macOS, and Windows. Try out the beta before GitHub Actions is generally available on November 13.

Sign up for the beta