Skip to main content
Cognite’s secure development lifecycle, spanning infrastructure, applications, and operations, is tested and audited by third parties, demonstrating compliance to: ISO 27001, ISO 9001, ISO 27018, SOC 2 Type 2 (Security) and SOC 3 (Security). Cognite and CDF operation and data processing comply with GDPR.

ISO 9001

The Cognite Quality Management system (QMS) is certified according to ISO 9001:2015. Statement of Applicability is available upon request and under NDA.

ISO 27001

The Cognite Information Security Management system is certified according to ISO 27001:2023. All controls of Annex A in ISO 27001:2023 are included in Cognite’s Statement of Applicability. Statement of Applicability is available upon request and under NDA.

ISO 27018

The Cognite Information Security Management system is certified according to ISO 27018:2025. Statement of Applicability is available upon request and under NDA.

SSAE 18/ISAE 3000 Service Organization Control (SOC)

Cognite holds a SOC 2® type 2 (Security) attestation from a 3rd party independent auditor. Acreddited report is available upon request and under NDA. SOC 3 accredited report is also available. SOC 2® - SOC for Service Organizations is developed by the American Institute of Certified Public Accountants (AICPA) and focuses on Trust Services Criteria. Learn more: SOC 2® - SOC for Service Organizations: Trust Services Criteria.

CSA STAR

Cognite has a Cloud Security Alliance (CSA) STAR level 1 listing. The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. Cognite CSA STAR level 1 listing Learn more: Security, Trust, Assurance and Risk (Star) - The industry’s most powerful program for security assurance in the cloud

More information

Last modified on January 27, 2026