Skip to content

GitHub Copilot Compliance: SOC 2, Type 1 Report and ISO/IEC 27001:2013 Certification Scope

We are excited to announce that compliance reports are now available for GitHub Copilot Business and Copilot Enterprise. Specifically, GitHub has published a SOC 2 Type I report for Copilot Business (including code completion in the IDE, and chat in the IDE, CLI, and Mobile). This Type 1 report demonstrates that Copilot Business has the controls in place necessary to protect the security of the service. We will include Copilot Business and Copilot Enterprise in our next SOC 2 Type 2 report coming in late 2024, covering April 1 to September 30, 2024.

Additionally, Copilot Business and Copilot Enterprise are now included in the scope of GitHub’s Information Security Management System, as reflected in our ISO 27001 certificate updated on May 9, 2024. This certification demonstrates that Copilot Business and Copilot Enterprise are developed and operated using the same security processes and standards as the rest of GitHub’s products.

Together, these reports reflect GitHub’s commitment to demonstrate our high bar for security and compliance to our customers. To learn more, please review our documentation on how to access compliance reports and certifications for your enterprise or for your organization.

We are excited to announce that organizations within an enterprise can now create network configurations indepndently of their enterprise for Azure private networking. Azure private networking is a powerful feature that allows you to run your Actions workflows on GitHub-hosted runners connected to your Azure virtual network, without compromising on security or performance. Previously, only enterprises and organizations associated with team plans could create network configurations. This caused a bottleneck for administrators who have been delegated the responsibility for managing network configurations.

Moving forward, enterprise administrators can enable this feature by navigating to the “Hosted compute networking” section of their enterprise policies and selecting “Enabled”. Once this setting has been saved, all organizations associated with the enterprise will be able to create their own network configurations.

To start using Azure private networking for Actions, follow this guide to walk you through configuring Azure resources and creating an Actions network configuration. For additional information, check out our docs here. Please note that Azure private networking is available for GitHub Enterprise Cloud & Team plans.

See more