Cloudflare is certified as ISO 27001, 27018 and 27701 compliant.
The International Organization for Standardization (“ISO”) is a non-governmental, global body that operates independently to bring experts together to create and maintain management system standards. ISO publishes standards that help organizations structure business processes and procedures to achieve specific objectives.
ISO 27001:2013 certified since 2019. Cloudflare’s ISMS has been assessed and certified by an independent third-party auditor.
ISO 27018:2019 certified since 2022.
ISO 27701:2019 certified as a PII Processor and PII Controller since 2021. Cloudflare is one of the first organizations in our industry to have achieved ISO/IEC 27701 certification, and the first web performance and security company to be certified to the new ISO privacy standard as both a data processor and controller. Read our blog to learn more.
The scope of Cloudflare’s ISO certifications includes the Cloudflare global cloud platform and subsidiary offices.
ISO/IEC 27001 is an international standard for implementing an information security management system ("ISMS"), published jointly by the International Organization for Standardization ("ISO") and the International Electrotechnical Commission ("IEC"). The standard enables organizations to secure sensitive data and reduce the risk of cyber attacks by defining a set of globally accepted management requirements and information security controls. To obtain an ISO 27001 certification, an organization’s ISMS must meet the criteria established by the standard’s management clauses. In addition to the management clauses, Annex A of ISO 27001:2013 lists 114 information security controls that may be included or omitted based on the risks the organization faces (the 2022 revision consolidates these into 93 controls).
Organizations must complete a risk assessment or gap analysis to identify those risks and then document the justification for including or omitting each control in a Statement of Applicability. Reading the certificate together with the Statement of Applicability is essential to understanding which security measures an organization has actually committed to: the certificate alone does not say which Annex A controls are in scope.
Cloudflare is currently certified against ISO 27001:2013 and is transitioning to ISO 27001:2022 following ISO requirements.
ISO/IEC 27018 is an international privacy standard that extends an Information Security Management System ("ISMS") to protect personal data when it is processed in a public cloud. ISO 27018 adds implementation guidance to existing ISO 27002 controls and an additional set of 25 controls for organizations that act as processors of personally identifiable information ("PII").
ISO/IEC 27701 is a privacy standard that extends ISO 27001 and ISO 27002 with the requirements for a Privacy Information Management System ("PIMS"). The requirements an organization must meet to become certified are closely aligned with the EU’s General Data Protection Regulation (“GDPR”) and other privacy regulations, and the standard distinguishes between the obligations of PII controllers and PII processors.
Super Administrators can access common compliance documentation through the Cloudflare dashboard. Your account executive or a member of the sales team can help you get a copy. Cloudflare requires a nondisclosure agreement (“NDA”) to view the Statement of Applicability.
An ISO 27001 certification serves as a lens into an organization’s information security management practices. In combination with the company’s Statement of Applicability (“SoA”), customers or prospects can rest assured that fundamental procedures and controls are in place, managed, and improved to protect their data by means of a formal information security management system.
ISO 27701 and 27018 certifications provide assurance to our customers that a third party has independently verified Cloudflare's commitment to the privacy and protection of customers' data and compliance with privacy regulations including the GDPR. Explore Cloudflare’s privacy policies and learn how we support regulatory requirements like the GDPR by visiting our privacy and data protection hub.
Certifying to an ISO privacy standard is a multi-step process that includes an internal and an external audit, before finally being certified against the standard by the independent auditor.
Visit Cloudflare’s Trust Hub to learn about additional compliance resources.
Learn more about how Cloudflare’s connectivity cloud capabilities help enterprises streamline and map to compliance requirements across multiple standards by visiting our data compliance and protection page.
