Security of our products and services

Elastic's hosted and self-managed products are built with security in mind and include features engineered to keep customer information safe. This page is a resource for our customers who would like to better understand how Elastic products both meet and help ensure compliance with data protection laws and regulations.

  • Privacy

    Learn how to get your Elasticsearch data compliant through our GDPR compliance page. Visit our General Privacy Statement page for information on how we collect, use, share and otherwise process personal data.

  • Elastic Cloud

    We’re entrusted with securing thousands of customers' valuable data. See how we earn that trust on our Elastic Cloud Security page.

  • Products

    See the inherent data security functionalities of the Elastic Stack on the Elastic Stack Security page. Learn about Elastic Security, our security solution that combines endpoint security and SIEM for holistic and unified protection.

Compliance standards

Elastic operates in compliance with key information security standards and regulations. Our services are independently audited and confirmed, through our certifications and attestations, to meet compliance standards for data security and privacy.

  • PCI DSS

    Elastic has achieved certification as a Level 1 Service Provider for Elastic Cloud.

  • FedRAMP

    Elastic Cloud is authorized at the Moderate Impact level for the Federal Risk and Authorization Management Program.

  • CSA STAR

    The Cloud Security Alliance Security Trust Assurance and Risk (STAR) Program

  • ISO/IEC 27001

    Information Security Management System (ISMS)

  • ISO/IEC 27017

    Security Controls for the Provision and Use of Cloud Services

  • ISO/IEC 27018

    Protection of Personally Identifiable Information (PII)

  • ISAE 3000

    International Standard on Assurance Engagements (ISAE) No. 3000

  • SOC 2

    Service Organization Control

  • SOC 3

    Elastic Cloud, Elastic Support, and Elastic App + Site Search are all compliant with SOC 3 requirements.

  • TISAX

    Trusted Information Security Assessment Exchange: rated high protection level (AL 2)

    Log in to the ENX portal to retrieve assessment results using Assessment ID: AKZT2N-2 and/or Scope ID: S8ZT2N.

  • HIPAA

    Health Insurance Portability and Accountability Act

Our approach

We take security seriously. Our experienced team of security practitioners works across disciplines such as security engineering, security assurance, and risk and compliance. They work with our entire organization, particularly our engineering team, to ensure world-class security for our technology and company.

Privacy

Elastic is committed to complying and supporting compliance with data protection laws and regulations, such as the EU General Data Protection Regulation, throughout our services.

Vulnerability management

Elastic is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on impact, severity, and mitigation. Working with members of the security community and customers, our teams ensure that security vulnerabilities affecting our products are documented and that solutions are released in a responsible manner.

If you believe you have discovered a potential security vulnerability, report it using the instructions available on our security issues page.

Supply chain compliance

We carefully vet each of our vendors and open source projects to ensure they meet the standards and compliance we’re committed to. Elastic partners with select Infrastructure as a Service (IaaS) providers rather than maintaining our own data centers. Each of our IaaS providers regularly undergoes independent third-party audits to ensure the security of their services.

Go ahead, protect your data

Securing your Elastic Stack is easy — and it makes good sense. (Plus, it's also available on Elastic Cloud.)