SOC 2 Type 2 - An assessment addressing a service provider's internal controls and systems related to security, availability, processing integrity, confidentiality, and privacy

SOC 2 Type 2 compliance is a widely recognized framework for managing and securing customer data, especially for service providers and technology companies. This compliance focuses on assuring that an organization's controls meet rigorous standards across five key areas known as the Trust Service Criteria: Security (protection against unauthorized access), Availability (ensuring system reliability), Processing Integrity (accuracy and completeness of processing), Confidentiality (protection of sensitive information), and Privacy (proper handling of personal data). SOC 2 Type 2 provides assurance that these controls are not only well-designed but also consistently effective over time.

Red Hat has third party attestations for SOC 2 Type 2 for the following products:

• Red Hat OpenShift Dedicated (RHOSD) on Amazon Web Services
• Red Hat OpenShift Dedicated (RHOSD) on Google Cloud Platform
• Red Hat OpenShift Service on AWS (RHOSA) classic architecture
• Red Hat OpenShift Service on AWS (RHOSA) with Hosted Control Planes (HCP)
• Red Hat OpenShift API Management (RHOAM)
• Red Hat OpenShift Data Foundation (RHODF)
• Red Hat Quay
• Red Hat Advanced Cluster Security for Kubernetes (RHACS)
• Red Hat Customer Portal
• Red Hat Single Sign-On (RHSSO)
• Red Hat Ansible Automation Platform Service on AWS (AAPS-AWS)

Red Hat Compliance Certifications and Attestations

For information about Microsoft Azure Red Hat OpenShift (ARO), please see the Azure compliance documentation.