Compliance

Cognite’s secure development lifecycle, spanning infrastructure, applications, and operations, is tested and audited by third parties, demonstrating compliance to: ISO 27001, ISO 9001, SOC 2 Type 2 (Security) and SOC 3 (Security). Cognite and CDF operation and data processing comply with GDPR.

ISO 9001

The Cognite Quality Management system (QMS) is certified according to ISO 9001:2015. Statement of Applicability is available upon request and under NDA.

ISO 27001

The Cognite Information Security Management system is certified according to ISO 27001. All controls of Annex A in ISO 27001:2022 are included in Cognite's Statement of Applicability. Statement of Applicability is available upon request and under NDA.

SSAE 18/ISAE 3000 Service Organization Control (SOC)

Cognite holds a SOC 2® type 2 (Security) attestation from a 3^rd party independent auditor. Acreddited report is available upon request and under NDA.

SOC 3 accredited report is also available.

SOC 2® - SOC for Service Organizations is developed by the American Institute of Certified Public Accountants (AICPA) and focuses on Trust Services Criteria.

Learn more: SOC 2® - SOC for Service Organizations: Trust Services Criteria.

CSA STAR

Cognite has a Cloud Security Alliance (CSA) STAR level 1 listing.

The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings.

Cognite CSA STAR level 1 listing

Learn more: Security, Trust, Assurance and Risk (Star) - The industry's most powerful program for security assurance in the cloud

More information

• Privacy and GDPR