Snowflake is continuously expanding our portfolio of Security & Compliance Reports as our customers request them. The following is the current list of reports available to all Customers and Prospects under NDA. Please contact Snowflake for copies of reports as applicable to your organization or to find out if a particular certification will soon be available.

SOC 2 Type II
The SOC2 Type 2 report is an independent auditor’s attestation of the security controls that Snowflake has had in place during the report’s coverage period. This report is provided for customers and prospects to review to ensure No Exceptions to the documented policies and procedures in the policy documentation.

SOC 1 Type II 
The SOC1 Type 2 report, like the SOC2 Type 2 report, is an independent auditor’s attestation of the financial controls that Snowflake has in place during the report’s coverage period.

The Payment Card Industry Data Security Standards is a set of prescriptive requirements to which an organization must adhere in order to be considered compliant. Snowflake’s Attestation of Compliance from our selected Qualified Security Assessor provides an independent auditor’s assessment results after testing Snowflake’s security controls.

The Health Information Portability and Accountability Act is a law that provides data security and privacy provisions to protect Protected Health Information. As a business associate, Snowflake is able to enter into a BAA with any covered entity who requires HIPAA Compliance.

ISO/IEC 27001
The International Organization for Standardization provides requirements for establishing, implementing, maintaining, and continually improving an information security management system. Snowflake’s ISO Certificate is available for download by clicking here.

FedRAMP Moderate
The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security. Federal Agencies may download Snowflake’s FedRAMP Package from OMB/MAX.