Security and compliance

Ping Identity is SOC 2 Type 2-certified. This confirms that Ping Identity’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, and confidentiality. Our adherence to these standards is externally validated by an independent third party annually.

Our SOC 2 report is available to customers under an NDA on the Ping Identity Support Portal.

Ping Identity’s information security management system (ISMS) has been independently assessed and certified to the ISO 27001 standard. Ping Identity has included ISO 27017 and ISO 27018 into its certified ISMS and has also achieved independent certifications validating that the controls and implementation guidance relevant to those standards are in place and operational.

The scope of Ping Identity’s ISMS covers all major offices used in the development of Ping Identity products, all of our product offerings, both standalone on-premises products and our cloud services (PingOne, PingOne Advanced Services, and Advanced Identity Cloud), as well as all supporting infrastructure, systems, and internal processes.

Our ISO 27001 certificate is available in the Shellman Certificate Directory by searching for Ping Identity.

Ping Identity’s cloud offerings are certified as meeting the criteria of the Cloud Security Alliance Cloud Controls Matrix (Version 4). Our CSA STAR (Level 2) Attestation demonstrates Ping Identity’s commitment to high standards and industry-accepted cloud security controls and transparency of our security posture.

Our attestation and the CSA Consensus Assessments Initiative Questionnaire are available on the CSA STAR (Level 2) Registry Page.

The Health Insurance Portability and Accountability Act (HIPAA) is the US national standard for health information security and privacy that governs the use and disclosure of sensitive protected health information (PHI).

Advanced Identity Cloud complies with HIPAA security standards, as well as the breach notification requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Learn more about how Ping Identity supports HIPAA compliance.

The Trusted Information Security Assessment Exchange (TISAX) is an assessment and exchange mechanism for the information security of enterprises governed by ENX on behalf of the German VDA. The exchange allows recognition of assessment results among the participants. TISAX can be accessed by active participants through https://enx.com/tisax. TISAX and TISAX results are not intended for general public use.

ForgeRock Inc. and ForgeRock Ltd. (Ping Identity) are active TISAX participants with assessment results available through the ENX portal - Tisax assessment results, under scope ID: SZZMC3 and assessment ID: AZ5YYL-1.