Cognite’s secure development lifecycle, spanning infrastructure, applications, and operations, is tested and audited by third parties, demonstrating compliance to:
ISO 27001, ISO 9001, ISO 27018, SOC 2 Type 2 (Security) and SOC 3 (Security).
Cognite and CDF operation and data processing comply with GDPR.
ISO 9001
The Cognite Quality Management system (QMS) is certified according to ISO 9001:2015. Statement of Applicability is available upon request and under NDA.
ISO 27001
The Cognite Information Security Management system is certified according to ISO 27001:2023.
All controls of Annex A in ISO 27001:2023 are included in Cognite’s Statement of Applicability. Statement of Applicability is available upon request and under NDA.
ISO 27018
The Cognite Information Security Management system is certified according to ISO 27018:2025. Statement of Applicability is available upon request and under NDA.
SSAE 18/ISAE 3000 Service Organization Control (SOC)
Cognite holds a SOC 2® type 2 (Security) attestation from a 3rd party independent auditor. Acreddited report is available upon request and under NDA.
SOC 3 accredited report is also available.
SOC 2® - SOC for Service Organizations is developed by the American Institute of Certified Public Accountants (AICPA) and focuses on Trust Services Criteria.
Learn more: SOC 2® - SOC for Service Organizations: Trust Services Criteria.
CSA STAR
Cognite has a Cloud Security Alliance (CSA) STAR level 1 listing.
The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings.
Cognite CSA STAR level 1 listing
Learn more: Security, Trust, Assurance and Risk (Star) - The industry’s most powerful program for security assurance in the cloud
Last modified on December 9, 2025
