Compliance at Cloudflare

Here at Cloudflare, we think trust is fundamental to building a better Internet. Cloudflare adheres to industry standard security compliance certifications and regulations to help our customers earn their users’ trust.

ISO 27001:2013:
ISO/IEC 27001:2013 is an industry-wide accepted information security certification that focuses on the implementation of an Information Security Management System (ISMS) and security risk management processes. Cloudflare has been ISO 27001 certified since 2019 and the certificate is available upon request.
SOC 2 Type II:
Cloudflare has undertaken the AICPA SOC 2 Type II certification to attest to Security, Confidentiality, and Availability controls in place in accordance to the AICPA Trust Service Criteria. Cloudflare's SOC 2 Type II report covers security, confidentiality, and availability controls to protect customer data and is available upon request.
SOC 3:
Cloudflare maintains a SOC 3 report which is the public report of Security, Confidentiality, and Availability controls.
PCI DSS 3.2:
Cloudflare maintains PCI DSS Level 1 compliance and has been PCI compliant since 2014. Cloudflare's Web Application Firewall (WAF) is also a PCI compliant solution which enables customers to achieve PCI requirement 6.6. Cloudflare is audited annually by a third-party Qualified Security Assessor QSA. Cloudflare's Attestation of Compliance is available upon request.