Compliance and Certifications
Third-Party Reviews
To demonstrate how Checkmarx protects customer data, we provide independent third-party reports to our customers. We regularly pass rigorous third-party compliance audits of our security, availability, processing integrity, confidentiality, and privacy controls.
ISO 27001:2013 Certified
Checkmarx has successfully obtained its certification to the International Organization for Standardization (ISO) 27001:2013 standard. This standard formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information security risks. The ISMS is an overarching management framework that allows Checkmarx to identify, analyze, and address its information risks. The ISMS ensures that our security arrangements are fine-tuned to keep pace with changes to security threats, vulnerabilities, and business impacts. The certification is achieved through a systematic and rigorous external examination of an organization’s information security risk profile that takes into account any threats or vulnerabilities.
SSAE16 – SOC 2 Type 2 Certified
Checkmarx is SOC 2 Type 2 certified by EY. The SOC 2 report demonstrates Checkmarx’s continuous commitment to internal information security practices, policies, procedures, and operations by meeting or exceeding the AICPA standards for security, availability, and confidentiality.
CSA STAR Level 1 Certification
Checkmarx successfully completed CSA's STAR Level 1 security assessment for our cloud-based Checkmarx One™ Application Security Platform.
Checkmarx is an extension of your software development processes and architecture. We designed Checkmarx One to meet your security standards, including data, application, network, and product security.
Checkmarx understands the importance of data privacy for our customers. Our programs, products, and services are structured to provide effective data privacy protections for Checkmarx, its customers, partners, and employees.
Our customers do business everywhere in the world. Checkmarx complies with global industry standards and regulations to protect both our business data and yours.
Checkmarx ensures all its products and services are designed and delivered to meet the requirements of the Confidentiality, Integrity, and Availability (CIA) triad. This provides the assurances you need to secure your application development, without slowing you down.
Checkmarx provides customers with additional details on security, privacy, compliance, and availability programs, including certifications, compliance reports, standard security questionnaires, and security architecture. For these and others, please contact your account team.
Existing customers and prospects under NDA can contact their account teams for our white paper detailing our security architecture, access control, infrastructure security and availability controls, data management controls, and more.