Security of our products and services

Elastic's hosted and self-managed products are built with security in mind and include features engineered to keep customer information safe. This page is a resource for our customers who would like to better understand how Elastic products both meet and help ensure compliance with data protection laws and regulations.

Compliance standards

Elastic operates in compliance with key information security standards and regulations. Our services are independently audited and confirmed to meet privacy and compliance standards for data security and privacy via our certifications and attestations.

SOC 2

SOC 2

Service Organization Control

CSA STAR

CSA STAR

The Cloud Security Alliance Security Trust Assurance and Risk (STAR) Program

ISO/IEC 27001

ISO/IEC 27001

Information Security Management System (ISMS)

Download the certificate

ISO/IEC 27017

ISO/IEC 27017

Security Controls for the Provision and Use of Cloud Services

Download the certificate

ISO/IEC 27018

ISO/IEC 27018

Protection of Personally Identifiable Information (PII)

Download the certificate

HIPAA

HIPAA

Health Insurance Portability and Accountability Act

FedRAMP

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP)

Coming soon

Our approach

We take security seriously. Our experienced team of security practitioners work across disciplines such as security engineering, security assurance, and risk and compliance. They work with our entire organization, particularly our engineering team, to ensure world-class security for our technology and company.

Privacy

Elastic is committed to complying and supporting compliance with data protection laws and regulations, such as the EU General Data Protection Regulation, throughout our services.

Vulnerability management

Elastic is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on impact, severity, and mitigation. Working with members of the security community and customers, our teams ensure that security vulnerabilities affecting our products are documented and that solutions are released in a responsible manner.

If you believe you have discovered a potential security vulnerability, report it using the instructions available on our security issues page.

Supply chain compliance

We carefully vet each of our vendors and open source projects to ensure they meet the standards and compliance we’re committed to. Elastic partners with select Infrastructure as a Service (IaaS) providers rather than maintaining our own data centers. Each of our IaaS providers regularly undergo independent third-party audits to ensure the security of their services.

Go ahead, protect your data

Securing your Elastic Stack is easy — and it makes good sense. (Plus, it's also available on Elastic Cloud.)