 New Message!_files/logo-veracode.svg){kind=logo}
Header Navigation
Certifications
 New Message!_files/Integrations-hero.jpg)
Certifications and Security at Every Level
Veracode delivers an application security service that is end to end, built for scale, and works to systematically reduce application security risks. But Veracode recognizes that customers need assurance that its services are delivered securely and assurance that customer binaries and analysis results remain confidential.
This page outlines the certifications Veracode has received that attest to our efforts to secure our customers information. Click on the SysTrust seal below to access the Veracode SysTrust report;
SOC 2 Type II
Veracode has received a SOC 2 Type II attestation report evidencing that appropriate internal controls are in place relating to the security, availability and confidentially of customer information within our environment.
The SOC 2 Type II report represents that Veracode, as a service organization, has been through an independent examination and evaluation of our control activities as they relate to applicable Trust Services Principles and Criteria (2017) defined by the AICPA.
Veracode’s SOC 2 Type II Report includes Veracode’s system description and provides an assurance that controls implemented by Veracode were suitably designed to meet or exceed the prescribed criteria for applicable trust principles, including detailed testing of the design and operating effectiveness of controls for:
- Security: The system is protected against unauthorized access (both physical and logical);
- Availability: The system is available for operation and use as committed or agreed; and
- Confidentiality: Information designated as confidential is protected as committed or agreed.
The SOC 2 report is for limited distribution and shared under non-disclosure agreement (NDA). Please direct all requests through your Veracode Account Executive, Account Manager or Customer Service Representative.
Privacy Shield
Veracode has certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov. To view Veracode’s current self-certification, please visit https://www.privacyshield.gov/list.
FedRAMP
Veracode is currently in process for FedRAMP compliance.
The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP is the result of close collaboration with cybersecurity and cloud experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry.
Cookie Use
We use cookies to collect information to help us personalise your experience and improve the functionality and performance of our site. By continuing to use our site [without first changing your browser setting], you consent to our use of cookies. For more information see our cookies policy.
Veracode is a leading provider of enterprise-class application security, seamlessly integrating agile security solutions for organizations around the globe. In addition to application security services and secure devops services, Veracode provides a full security assessment to ensure your website and applications are secure, and ensures full enterprise data protection. Application protection services from Veracode include white box testing, and mobile application security testing, with customized solutions that eliminate vulnerabilities at all points along the development life cycle.
*Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
 New Message!_files/t.gif)