Red Hat Compliance Certifications and Attestations

December 17, 2025 Red Hat Compliance Recertifications - 2025 HDS Certification achieved

The Product Security Compliance team is excited to announce that Red Hat OpenShift Dedicated, Red Hat Openshift on AWS Classic, Red Hat Openshift on AWS, Red Hat Openshift API management, and Red Hat Openshift AI has successfully completed its Hébergeur de Données de Santé (HDS) audit for hosting health data, a critical milestone that reinforces our commitment to the stringent security and compliance requirements for protecting sensitive French health data.

This achievement confirms adherence to the robust controls mandated by the French public health code for data centers and service providers that process or host personal health data. It highlights our dedication to the security, integrity, and confidentiality of customer health data and showcases Red Hat's unwavering focus on aligning with the highest standards required for healthcare IT systems.

We are especially proud to report that this certification was achieved with zero audit findings, a remarkable accomplishment that reflects the maturity and strength of our compliance posture. The certification process involved thorough assessments and seamless collaboration across multiple teams, including Engineering, HCM Security, Legal, Global Privacy, Information Security, Facilities, Human Resources, Infrastructure, Database, and Red Hat IT.

Achieving HDS compliance for these products strengthens Red Hat's position as a reliable partner in the digital health industry, ensuring that our AI capabilities can be utilized securely and responsibly with the most sensitive data.

On behalf of the Product Security Compliance team, we extend our sincere gratitude to everyone who contributed to this significant milestone: Achieving HDS (Hébergeur de Données de Santé) compliance for our core Red Hat OpenShift Cloud Subscription Services. This milestone ensures that Red Hat remains a trusted partner for organizations navigating the complexities of healthcare data hosting and AI innovation in France. We will continue to enhance our controls and services to meet and exceed the evolving security and regulatory expectations of this vital industry.

For real-time updates on security certifications, please refer to the Product compliance portal.

October 24, 2025 Red Hat Compliance Recertifications - Quay.io and Red Hat Advanced Cluster Security Cloud Service

The Product Security Compliance team is excited to announce a major milestone: Quay.io and Red Hat Advanced Cluster Security Cloud Service (RHACS CS) have successfully achieved multiple security recertifications, including ISO27001, ISO27017, ISO27018, PCI DSS v4.0, SOC 2 Type 2, and SOC 3.

We are incredibly proud to report that this achievement was accomplished with zero audit findings. This outstanding result is a testament to our company's unwavering commitment to security and privacy. This accomplishment would not have been possible without the dedication and hard work of many teams across the organization. We extend a sincere thank you to everyone in Engineering, Legal, IT, and all other departments who collaborated to make this happen. A special thank you goes out to the core Quay.io and RHACS CS teams for their exceptional efforts.

These recertifications underscore Red Hat's commitment to security, governance, and compliance, positioning us as a leader in the industry:

ISO27001: Demonstrates a systematic and proactive approach to managing information security risks, ensuring the confidentiality, integrity, and availability of our information assets. This reinforces our dedication to maintaining robust security practices.

ISO27017: Provides guidelines for information security controls applicable to the provision and use of cloud services. This certification highlights our commitment to secure cloud environments and protects customer data in the cloud.

ISO27018: Focuses on the protection of Personally Identifiable Information (PII) in public clouds. This reassures our customers that their privacy is a top priority and that we adhere to the highest standards for data protection.

PCI DSS v4.0: Ensures that we maintain a secure environment for processing, storing, and transmitting credit card information. This is critical for our customers who handle sensitive payment data, solidifying our reputation as a trustworthy partner.

SOC 2 Type 2: Provides independent assurance that our internal controls related to security, availability, processing integrity, confidentiality, and privacy are effectively designed and operating over a period of time. This builds trust and confidence with our customers regarding the security and reliability of our services.

SOC 3: Offers a general-use report on the effectiveness of our controls over security, availability, processing integrity, confidentiality, and privacy. This readily available report showcases our commitment to transparency and robust control frameworks.

October 16, 2024 Red Hat Compliance Certifications and Attestations - ACS CS and Quay.io

Red Hat has achieved first-time certification of the following attestations and certifications for Quay.io and Red Hat Advanced Cluster Security Cloud Services (RHACS CS): SOC 1 Type 2, SOC 2 Type 2, PCI-DSS 4.0, ISO 27001, ISO 27017, and ISO 27018. As a result, RHACS CS and Quay.io have been officially added to Red Hat’s portfolio of certified Cloud Managed Service offerings.

The audit process resulted in zero findings across all frameworks. These certifications were achieved through rigorous and detailed assessments, with close collaboration across numerous Red Hat teams, including Engineering, Legal, Global Privacy, Information Security, Facilities, Human Resources, Infrastructure, Database, and IT.

Much of our success can be attributed to the consistency in tooling, processes, and procedures across the stack by our SRE partners. Attention to these details helped ensure alignment with stringent industry requirements and internationally recognized certifications with widespread cross-framework applicability.

The Product Security Compliance team would like to extend our sincere gratitude to everyone involved in these endeavors. Our team remains steadfast in monitoring our controls, implementing necessary improvements, and upholding our products' adherence to meeting and exceeding industry security standards.

May 9, 2024 Red Hat Compliance Certifications and Attestations

Red Hat has achieved recertification of SOC 2 Type 2, PCI-DSS 4.0, ISO 27001, ISO 27017, and ISO 27018 certifications and attestations and a first-time certification of SOC 1 Type 2 through a consolidated audit process for the following services:

• OpenShift Dedicated running on AWS
• OpenShift Dedicated running on GCP
• Red Hat OpenShift Service on AWS (ROSA)
• Red Hat OpenShift Service on AWS with Hosted Control Planes (HCP)
• Red Hat OpenShift API Management (RHOAM)
• Red Hat OpenShift AI (RHOAI)
• Red Hat OpenShift Data Foundation (RHODF)

SOC 2 Type 2 attestation for Customer Portal, UGC, and SSO applications has also been attained. These certifications demonstrate our unwavering commitment to safeguarding customer data with the highest industry standards, underscoring our dedication to security and privacy.

These rigorous audits resulted in zero findings across all frameworks and demonstrate our alignment with industry requirements. Achieving these certifications involved exhaustive assessments and close collaboration across numerous teams, including Engineering, Legal, Global Privacy, Information Security, Facilities, Human Resources, Infrastructure, Database, and Red Hat IT teams.

Consistency in tooling, processes, and procedures across the stack by our SRE partners is key to the repeated success of our compliance efforts.

The Product Security Compliance team extends gratitude to everyone involved in this endeavor. Our team remains steadfast in monitoring our controls and implementing necessary improvements to uphold our products' adherence to meeting and exceeding industry security standards.