compliance

Subscribe to all “compliance” posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

→ ~ cd github-changelog

→ ~/github-changelog|main git log main

showing all changes successfully

GitHub Copilot Compliance: SOC 2, Type 1 Report and ISO/IEC 27001:2013 Certification Scope

June 3, 2024

We are excited to announce that compliance reports are now available for GitHub Copilot Business and Copilot Enterprise. Specifically, GitHub has published a SOC 2 Type I report for Copilot Business (including code completion in the IDE, and chat in the IDE, CLI, and Mobile). This Type 1 report demonstrates that Copilot Business has the controls in place necessary to protect the security of the service. We will include Copilot Business and Copilot Enterprise in our next SOC 2 Type 2 report coming in late 2024, covering April 1 to September 30, 2024.

Additionally, Copilot Business and Copilot Enterprise are now included in the scope of GitHub’s Information Security Management System, as reflected in our ISO 27001 certificate updated on May 9, 2024. This certification demonstrates that Copilot Business and Copilot Enterprise are developed and operated using the same security processes and standards as the rest of GitHub’s products.

Together, these reports reflect GitHub’s commitment to demonstrate our high bar for security and compliance to our customers. To learn more, please review our documentation on how to access compliance reports and certifications for your enterprise or for your organization.

See more See more

New and Updated ISO and CSA STAR Certifications Are Now Available

July 5, 2023

The 2023 updates to our ISO/IEC 27001:2013 certificate can be downloaded now. In addition, we have completed the processes for ISO/IEC 27701:2019 (PII Processor), ISO/IEC 27018:2019, and CSA STAR certifications. Those certificates can also be downloaded now.

For enterprises, administrators may download this report by navigating to the Compliance tab of the enterprise account: https://github.com/enterprises/"your-enterprise"/settings/compliance.
For organizations, owners may find these reports under Security > Compliance settings tab of their organization: https://github.com/organizations/"your-org"/settings/compliance.

For detailed guidance on accessing these reports, read our compliance documentation for organizations and enterprises.

Check out the GitHub blog for more information.

See more See more

2023 Update for Services Continuity and Incident Plan

May 26, 2023

GitHub Enterprise Cloud administrators can now download and view the updated Services Continuity and Incident Plan for 2023.

To learn more, please review our documentation on how to access compliance reports for your enterprise or for your organization.

See more See more

ISO/IEC 27001:2013 Certification Now Available

May 16, 2022

Our newly available ISO/IEC 27001:2013 Certification report can be downloaded now.

For enterprises, administrators may download this report by navigating to the Compliance tab of the enterprise account: https://github.com/enterprises/"your-enterprise"/settings/compliance.
For organizations, owners may find these reports under 'Security' > Authentication Security settings tab of their organization: https://github.com/organizations/"your-org"/settings/security.
For everyone else, you may download this report at any time by navigating to the GitHub security page, https://github.com/security.

To learn more about this new report, check out our blog post.

See more See more