Red Hat Compliance Certifications and Attestations


October 16, 2024 Red Hat Compliance Certifications and Attestations - ACS CS and Quay.io

Red Hat has achieved, for the first time, the following attestations and certifications for Quay.io and Red Hat Advanced Cluster Security Cloud Services (RHACS CS): SOC 1 Type 2, SOC 2 Type 2, PCI-DSS 4.0, ISO 27001, ISO 27017, and ISO 27018. As a result, RHACS CS and Quay.io have been officially added to Red Hat’s portfolio of certified Cloud Managed Service offerings.

The audit process resulted in zero findings across all frameworks. These certifications were achieved through rigorous and detailed assessments, with close collaboration across numerous Red Hat teams, including Engineering, Legal, Global Privacy, Information Security, Facilities, Human Resources, Infrastructure, Database, and IT.

Much of our success can be attributed to the consistency in tooling, processes, and procedures across the stack by our SRE partners. Attention to these details helped ensure alignment with stringent industry requirements and internationally recognized certifications with widespread cross-framework applicability.

The Product Security Compliance team would like to extend our sincere gratitude to everyone involved in these endeavors. Our team remains steadfast in monitoring our controls, implementing necessary improvements, and ensuring that our products meet and exceed industry security standards.

For real-time updates on security certifications, please refer to the Product Security Compliance Source page.

May 9, 2024 Red Hat Compliance Certifications and Attestations

Red Hat has achieved recertification of SOC 2 Type 2, PCI-DSS 4.0, ISO 27001, ISO 27017, and ISO 27018 certifications and attestations and a first-time certification of SOC 1 Type 2 through a consolidated audit process for the following services:

  • OpenShift Dedicated running on AWS
  • OpenShift Dedicated running on GCP
  • Red Hat OpenShift Service on AWS (ROSA)
  • Red Hat OpenShift Service on AWS with Hosted Control Planes (HCP)
  • Red Hat OpenShift API Management (RHOAM)
  • Red Hat OpenShift AI (RHOAI)
  • Red Hat OpenShift Data Foundation (RHODF)

SOC 2 Type 2 attestation for Customer Portal, UGC, and SSO applications has also been attained. These certifications demonstrate our unwavering commitment to safeguarding customer data with the highest industry standards, underscoring our dedication to security and privacy.

These rigorous audits resulted in zero findings across all frameworks and demonstrate our alignment with industry requirements. Achieving these certifications involved exhaustive assessments and close collaboration across numerous teams, including Engineering, Legal, Global Privacy, Information Security, Facilities, Human Resources, Infrastructure, Database, and Red Hat IT teams.

Consistency in tooling, processes, and procedures across the stack by our SRE partners is key to the repeated success of our compliance efforts.

The Product Security Compliance team extends gratitude to everyone involved in this endeavor. Our team remains steadfast in monitoring our controls and implementing necessary improvements so that our products meet and exceed industry security standards.

For real-time updates on security certifications, please refer to the Product Security Compliance Source page.
