Our security promise
Continual investment in our security program
We understand the importance in providing clear information about our security practices, tools, resources and responsibilities within Snyk, so that our customers can feel confident in choosing us as a trusted service provider and understand how and what we do in order to secure our platform.
Compliance
Snyk is proud to be externally verified as compliant to the following standards and can provide supporting evidence and information about the controls we have in place in specific relation to these standards. We also have several resource documents and mappings for compliance support when formal certifications or attestations may not be required or applied.
ISO 27001
At Snyk we have implemented an integrated Information Security management system which includes both the controls set for ISO27001 and ISO27017. Both sets of controls undergo external review on an annual basis.
ISO 27017
Snyk has chosen to implement the additional controls of ISO27017, to support our focus on compliance developed for cloud service providers to make a safer cloud-based environment and reduce the risk of security problems.
SOC 2 Type II
Snyk’s controls are assessed by Coalfire, who specialize in compliance across multiple industries, on an annual basis. Our reporting period is from May – June the following year. A copy of this report can be requested via your account team.
Laws and Regulations
Snyk believes in providing clarity on how we proactively protect your data and prioritize data privacy within our organization, so that you have the information you need to support your own regulatory and legislative requirements.
Information about Snyk’s information security controls is available in the security portal.
We take privacy seriously
Snyk takes your privacy very seriously. As a UK company with operations in Israel, Canada the USA, Europe and Asia, Snyk is subject to the EU General Data Protection Regulation (GDPR) and is fully committed to compliance with GDPR as well as any other laws it is subject to.
Externally validated controls
While there is no formal certification of our compliance we can offer our customers, adherence to all relevant information security regulations and legislation is externally validated as part of our ISO and SOC2 program as well as by our team of dedicated internal auditors on a regular basis.
Transparent policies
Snyk is committed to providing visibility of all privacy related policies and associated agreements. Our privacy policy covers how we handle personal data, the way we use it, and your rights in respect of your data. Our subprocessor list provides details of all third parties used as part of our service provision, that may require some level of data processing. Why, where and what service they provide is listed.