Preview Mode
Documentation

Certifications and compliance resources

Learn about Cloudflare’s adherence to industry-standard security compliance certifications and regulations that help us preserve security and privacy.
Web Application and API Protection

Cloudflare was built to help you and your customers be more secure on the Internet. Access Cloudflare’s compliance documentation through the dashboard.

Web Application and API Protection

Certifications and Reports

ISO 27001:2013

Implementation of an Information Security Management System (ISMS) and security risk management processes certification.

Learn More
iso 27701 logo
ISO 27701:2019

Implementation of a comprehensive Privacy Information Management system (PIMS) certification.

Learn More
ISO 27018:2019

Extension of an ISMS to protect personal data when being processed in the cloud; privacy certification.

Learn More
FedRAMP
FedRAMP Moderate

Federal Risk and Authorization Management Program.

Learn More
soc logo formatted asset file
SOC 2 Type II

Certification to attest to Security, Confidentiality, and Availability controls in place in accordance to the AICPA Trust Service Criteria.

Learn More
PCS-DSS-4.0-Data protection
PCI DSS 4.0

Payment Card Industry Data Security Standard Attestation of Compliance.

Learn More
Global prps - logo
Global CBPR

The Global Cross-Border Privacy Rules (Global CBPR) system allows participating organizations to demonstrate compliance with internationally-recognized data protection standards, as a data controller. Cloudflare will certify to the Global CBPR system when organizations can be certified in 2025.

Global prps - logo
Global PRP

The Global Privacy Recognition for Processors (Global PRP) system allows participating organizations to demonstrate compliance with internationally-recognized data protection standards, as a data processor. Cloudflare will certify to the Global PRP system when organizations can be certified in 2025.

EU cloud code of conduct logo
EU Cloud Code of Conduct

The EU Cloud Code of Conduct is an officially approved GDPR Article 40 Code of Conduct. Read the report here.

Learn More
Cloudflare cyber essentials - logo
Cyber Essentials

Cloudflare’s certificate can be found here.

Learn More
C5 certification image
C5:2020

Cloud Computing Compliance Criteria Catalogue (C5:2020) is an auditing standard created by Germany's Federal Office for Information Security (BSI).

Learn More
Global prps - logo
BSI Qualification

Cloudflare has been recognized by the German government's Federal Office for Information Security as a qualified provider of DDoS mitigation services. Download this qualification to learn more.

Learn More
w3c logo
WCAG 2.1 AA and Section 508

Cloudflare's dashboard completes Voluntary Product Accessibility Template (VPAT) in compliance with international standards set forth by the Web Content Accessibility Guidelines (WCAG) 2.1 AA and in conformance with legal standards set forth by Section 508 of the Rehabilitation Act.

Request VPAT
1.1.1.1 logo
1.1.1.1 Public DNS Resolver Privacy Examination

Cloudflare conducted a first-of-its-kind privacy examination by a Big Four accounting firm to determine whether the 1.1.1.1 resolver was effectively configured to meet Cloudflare’s privacy commitments. See below for more information.

Read Report

Resources

Padlock icon
Data confidentiality and availability

Cloudflare encrypts data by default using the latest protocols, and offers granular control over where encryption keys are stored and where logs are sent.

Learn More
Padlock icon
Encryption

Cloudflare’s network can encrypt data throughout its journey from origin servers to end-users, using the very latest protocols.

Learn More
location pin
Data localization

In many regions — including the EU — Cloudflare lets organizations control which regional data centers their traffic is inspected in and where logs are sent.

Learn More
performance validator
Streamline data compliance

A composable platform that helps enterprises streamline compliance with extensible security controls across systems that help you connect, protect and build.

Learn More

Protect and accelerate your websites, apps, and teams.