Compliance Certifications
At Varonis, the security of our products is always top of mind. Varonis works closely with third-party auditing firms to ensure our products meet strict industry standards and are audited and reviewed regularly.
ISO/IEC 27001:2022
ISO/IEC 27001:2022 is the best-known standard that provides requirements for an information security management system (ISMS).
ISO/IEC 27017:2015
ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services.
ISO/IEC 27018:2019
ISO/IEC 27018:2019 establishes commonly accepted control objectives for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for public cloud.
ISO/IEC 27701:2019
ISO/IEC 27701:2019 provides guidance for establishing, implementing, and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002.
SOC 2 Type 2
Varonis achieved SOC 2 compliance. SOC 2 is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, confidentiality, and privacy of a cloud service. Available upon request — ask your account team for details.
SOC 3
Varonis achieved SOC compliance. SOC 3 (System and Organization Controls) is a regularly refreshed report that focuses on internal controls as they relate to security, availability, confidentiality, and privacy of a cloud service.
CSA STAR
confirms that Varonis successfully completed CSA's STAR Level 1 self-assessment for the Varonis SaaS Data Security Platform and Varonis DatAdvantage Cloud, Varonis' cloud-hosted solutions.
PCI-DSS
Payment Card Industry Data Security Standards are technical and operational requirements set by the PCI Security Standards Council to protect cardholder data. Varonis Data Security Platform is compliant with PCI DSS v3.2.1.
Cyber Essentials
Cyber Essentials is a UK government-backed program that helps protect organizations against a range of common cyber attacks. Varonis received its Certificate of Assurance from Cyber Essentials.
HIPAA
Varonis practices are HIPAA-compliant, and we've executed Business Associate Agreements (BAAs) with our relevant sub-processors. Our HIPAA report is provided upon request; please see your Varonis account manager for more information.
NIAP Common Criteria Certification
Testing and validation for Varonis was completed by Acumen Security, a National Institute of Standards and Technology (NIST) accredited and NIAP-approved commercial testing laboratory. Common Criteria Certification is valid for two years.
TX-RAMP
The Texas Risk and Authorization Management Program (TX-RAMP) provides a review of security measures taken by cloud products that transmit data to Texas state agencies. Varonis received its Provisional Certification via Third-Party Audit Review from TX-RAMP.