Certifications

SOC 2 Type II

Veracode has received a SOC 2 Type II attestation report evidencing that appropriate internal controls are in place relating to the security, availability, and confidentially of customer information within our environment.

The SOC 2 Type II report represents that Veracode, as a service organization, has been through an independent examination and evaluation of our control activities as they relate to applicable Trust Services Principles and Criteria (2017) defined by the AICPA.

Veracode’s SOC 2 Type II Report includes Veracode’s system description and provides an assurance that controls implemented by Veracode were suitably designed to meet or exceed the prescribed criteria for applicable trust principles, including detailed testing of the design and operating effectiveness of controls for:

• Security: The system is protected against unauthorized access (both physical and logical);
• Availability: The system is available for operation and use as committed or agreed; and
• Confidentiality: Information designated as confidential is protected as committed or agreed.

The SOC 2 report is for limited distribution and shared under non-disclosure agreement (NDA). Please direct all requests through your Veracode Account Executive, Account Manager, or Customer Service Representative.