Certifications

Veracode announces availability of Service Organization Controls (SOC 2 Type II) Report on Controls Relevant to Security, Availability and Confidentiality

One of the first companies in this industry to be audited under the most stringent requirements of the American Institute of Certified Public Accountants (AICPA), demonstrates Veracode’s security rigor for data protection and availability

The security of your data is paramount! Veracode wishes to assure its customers it maintains the confidentiality of information in a secure and reliable manner, and that the information is available when needed.

We are very pleased to announce Veracode has received a SOC 2 attestation report, ensuring we have appropriate internal controls in place for security, availability and confidentially of our environment.

A SOC 2 report is widely recognized to meet the assurance and reporting needs because it represents a service organization has been through an examination and evaluation of their control activities as they relate to applicable Trust Services Principles and Criteria defined by the AICPA.

Veracode’s SOC 2 Type II Report includes Veracode’s system description and provides an assurance that controls implemented by Veracode were suitably designed to meet or exceed the prescribed criteria for applicable trust principles, including detailed testing of the design and operating effectiveness of controls for

  • Security               The system is protected against unauthorized access (both physical and logical);
  • Availability         The system is available for operation and use as committed or agreed; and
  • Confidentiality   Information designated as confidential is protected as committed or agreed.

Service Organization Controls (SOC) reports are designed to help organizations that operate information systems and provide information system services to other entities build trust and confidence in their service delivery processes and controls through a report by an independent Certified Public Accountant.

The SOC 2 report is for limited distribution and shared under non disclosure agreement (NDA). Please direct all requests through your Veracode Account Executive, Account Manager or Customer Service Representative.

The SOC 3 SysTrust report is for general distribution and publicly available; Download the report.

Veracode Receives SysTrust Certification from Ernst & Young

Veracode is committed to protecting the security and confidentiality of our customers' information as if it were our own. To that end, we are pleased to announce that Veracode has achieved SysTrust certification - an audit by an outside, independent auditor to ensure we have appropriate internal controls in place for security and confidentiality of our environment.
 
The SysTrust examination is a rigorous process developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) to provide independent assurance that an organization's systems are reliable. Ernst & Young evaluated Veracode's operational practices and controls and awarded Veracode with an unqualified certification regarding Veracode's conformity with the following SysTrust principles:
  • Security               The system is protected against unauthorized access (both physical and logical);
  • Availability         The system is available for operation and use as committed or agreed; and
  • Confidentiality   Information designated as confidential is protected as committed or agreed.
The examination provides additional validation to Veracode clients that the Veracode Code Assurance Platform and software as a service model is secure.
 
Click on the SysTrust seal below to access the Veracode SysTrust report.

Veracode Achieves Safe Harbor Certification

Veracode has certified its compliance with the Safe Harbor frameworks designed to satisfy the "adequacy" requirement under the European Directive on Data Protection and the Swiss Federal Data Protection Act; effective January 30, 2013.
 
Personal Information collected via this Web site is stored on servers in the USA, and these servers are subject to Veracode security policies and procedures.