Cloudflare was built to help you and your customers be more secure on the Internet. Access Cloudflare’s compliance documentation through the dashboard.
Implementation of an Information Security Management System (ISMS) and security risk management processes certification.
Implementation of a comprehensive Privacy Information Management system (PIMS) certification.
Extension of an ISMS to protect personal data when being processed in the cloud; privacy certification.
Certification to attest to Security, Confidentiality, and Availability controls in place in accordance to the AICPA Trust Service Criteria.
The Global Cross-Border Privacy Rules (Global CBPR) system allows participating organizations to demonstrate compliance with internationally-recognized data protection standards, as a data controller. Cloudflare will certify to the Global CBPR system when organizations can be certified in 2025.
The Global Privacy Recognition for Processors (Global PRP) system allows participating organizations to demonstrate compliance with internationally-recognized data protection standards, as a data processor. Cloudflare will certify to the Global PRP system when organizations can be certified in 2025.
The EU Cloud Code of Conduct is an officially approved GDPR Article 40 Code of Conduct. Read the report here.
Cloud Computing Compliance Criteria Catalogue (C5:2020) is an auditing standard created by Germany's Federal Office for Information Security (BSI).
Cloudflare has been recognized by the German government's Federal Office for Information Security as a qualified provider of DDoS mitigation services. Download this qualification to learn more.
Cloudflare's dashboard completes Voluntary Product Accessibility Template (VPAT) in compliance with international standards set forth by the Web Content Accessibility Guidelines (WCAG) 2.1 AA and in conformance with legal standards set forth by Section 508 of the Rehabilitation Act.
Cloudflare conducted a first-of-its-kind privacy examination by a Big Four accounting firm to determine whether the 1.1.1.1 resolver was effectively configured to meet Cloudflare’s privacy commitments. See below for more information.
Cloudflare encrypts data by default using the latest protocols, and offers granular control over where encryption keys are stored and where logs are sent.
Cloudflare’s network can encrypt data throughout its journey from origin servers to end-users, using the very latest protocols.
In many regions — including the EU — Cloudflare lets organizations control which regional data centers their traffic is inspected in and where logs are sent.
A composable platform that helps enterprises streamline compliance with extensible security controls across systems that help you connect, protect and build.