Trust & Security

Earning and keeping your trust is everything to us.

Compliance Certifications

Varonis is certified as compliant with ISO 27001, 27017, 27018, and 27701. The certification audits were performed by an independent, official ISO third-party auditor.

ISO/IEC 27001:2013

ISO/IEC 27001:2013 is the best-known standard that provides requirements for an information security management system (ISMS).

ISO/IEC 27017:2015

ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services.

ISO/IEC 27018:2019

ISO/IEC 27018:2019 establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

ISO/IEC 27701

ISO/IEC 27701 provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.

SOC 2

SOC 2 (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a cloud service.

SOC 3

SOC 3 (System and Organization Controls) is a regularly refreshed report that focuses on internal controls as they relate to security, availability, and confidentiality of a cloud service.

Federal government

NIAP Common Criteria Certification

Testing and validation for Varonis was completed by Acumen Security, a National Institute of Standards and Technology (NIST) accredited and NIAP-approved commercial testing laboratory, in December 2020. Common Criteria Certification is valid for two years.

Security Practices

We’re committed to information security at every level of our organization.

The Varonis security program is based on industry-leading best practices. Along with third-party penetration tests, Varonis uses dynamic application testing and automated scanning to continually validate our software’s security.

You can read about our security practices for DatAdvantage Cloud, specifically, here:

DatAdvantage Cloud Security Standards & Practices

Our secure software development lifecycle includes:

A team of security architects within the R&D organization who specialize in software security.

Architecture design that adheres to National Institute of Standards and Technology (NIST) principles.

Identifying and tracking application security issues, threat mapping, and developing appropriate mitigations.

Application Security Verification Processes (ASVS) closely aligned with the OWASP framework, with elements of the OWASP ASVS.

Each new feature goes through a security architecture review that includes threat mapping, and applicable controls are included in the feature design and development.

Privacy Policies

Your privacy matters to us. If you have any questions regarding your privacy or the information that we collect about you, please contact us at privacy@varonis.com.