Skip to content
start for free
Product
Solutions
Why Snowflake
Resources
Developers
Pricing
The Snowflake Platform
Develop AI products, apps and more on a fully managed platform that securely connects businesses globally — across any type or scale of data.
Analytics icon
Analytics
AI/ML icon
AI
Data engineering icon
Data Engineering
Collaboration icon
Applications & Collaboration
Featured Capabilities
Cortex AI
Instant access to industry-leading LLMs
Data Clean Rooms
Privacy-preserving data collaboration
Native Apps
End-to-end, Snowflake-native app creation and distribution
Horizon
Built-in compliance, security, privacy and access
Marketplace
Third-party data sources connected within minutes
Notebooks
Interactive dev environment for data and AI teams
Snowflake ML
Streamlined model development and MLOps from a centralized UI
Snowpark
Libraries and code execution environments that run Python and more
Streamlit
Framework for transforming Python scripts into web apps
Featured Open Source Technologies
Arctic LLM
An open, efficient LLM for enterprise AI apps
Open Catalog
Manage and govern data across many engines and storage locations
Back
INDUSTRIES
Advertising, Media & Entertainment
Financial Services
Healthcare & Life Sciences
Manufacturing
Public Sector
Retail & Consumer Goods
Technology
Telecom
Travel & Hospitality
DEPARTMENTS
Finance
IT
Marketing
Cybersecurity
Enablement Solutions
Cloud icon
Migrate to the AI Data Cloud
Confident migration to a unified platform
Migrate icon
Professional Services
Snowflake experts to help you accelerate and achieve business goals
PARTNER SOLUTIONS
Partner Network icon
Snowflake Partner Network
Programs with product, solutions and cloud partners
Partner Finder icon
Partner Finder
Partners, apps and solutions for enhanced deployment
Calendar icon
Event Partnership Opportunities
Live and virtual events
Back
Why Snowflake
Collaborate locally and globally to reveal new insights, create previously unforeseen business opportunities, and identify your customers with seamless experiences.
Customer icon
Customers
Case studies and videos showcasing how global organizations use Snowflake
Cloud icon
The AI Data Cloud Explained
Learn how to connect, share and integrate the data and apps on the AI Data Cloud
User with security lock icon
Security Hub
Comprehensive security through built-in features, robust cloud infrastructure protection, and more.
Cost Optimization icon
Cost and Performance Optimization
Maximize economic value through minimizing TCO and continuously optimizing price for performance.
Back
Connect
Blog
Events
Support
Contact us
Learn
Notebooks icon
Resource Library
Ebooks, videos, white papers and more
Training icon
Training
Overview of Snowflake's educational offerings
Webinars icon
Webinars
Expert-led discussions and demos across industries and use cases
Certification icon
Certifications
Snowflake's technical industry professional certifications
Live Demo icon
Live Demos
Weekly product demos showcasing key features and live Q&A
Education icon
Snowflake University
Training courses for all levels, on-demand or instructor-led
Hands-on Labs icon
Hands-On Labs
Instructor-led virtual workshops for exploring key Snowflake features
Back
Build
Developers icon
Snowflake for Developers
Overview of the dev resources you need to build and scale
Solution Center icon
Solutions Center
Reference architectures, use cases and best practices
Download icon
Downloads
The latest software versions, drivers, libraries and relevant docs
Learn
Docs icon
Documentation
Reference docs, guides, tutorials and announcements
Quickstart icon
Quickstarts
Tutorials to get up and running with Snowflake
Open Source icon
Open Source
Key projects Snowflake engineers maintain and support
Northstar logo
Builder Education
Online and in-person classes and workshops to upskill on Snowflake
Connect
Developers icon
Engineering Blog
Snowflake’s technical leaders on what, why and how they build features
Partner Network icon
Community
Tips, tricks and discussion with fellow Snowflake developers
Back
Back

Language

Back
English
Português
Italiano
한국어
日本語
Español
Deutsch
Français
Sign in

SNOWFLAKE’S SECURITY & COMPLIANCE REPORTS

Snowflake is continuously expanding our portfolio of Security & Compliance Reports as our customers request them. The following is the current list of reports available to all Customers and Prospects under NDA. Please contact Snowflake and fill out the form on the right by selecting 'Security Information' as Inquiry type, or reach out to your Account Team for copies of reports as applicable to your organization or to find out if a particular certification will soon be available.

SOC 2 Type II

The SOC2 Type 2 report is an independent auditor’s attestation of the security controls that Snowflake has had in place during the report’s coverage period. This report is provided for customers and prospects to review to ensure No Exceptions to the documented policies and procedures in the policy documentation.

SOC 1 Type II 

The SOC1 Type 2 report, like the SOC2 Type 2 report, is an independent auditor’s attestation of the financial controls that Snowflake has in place during the report’s coverage period.

PCI-DSS

The Payment Card Industry Data Security Standards is a set of prescriptive requirements to which an organization must adhere in order to be considered compliant. Snowflake’s Attestation of Compliance from our selected Qualified Security Assessor provides an independent auditor’s assessment results after testing Snowflake’s security controls.

HITRUST

The Health Information Trust Alliance Common Security Framework (HITRUST CSF) serves to unify security controls based on aspects of US federal law (such as HIPAA and HITECH), certain state-specific laws and other industry-standard compliance frameworks into a single comprehensive set of baseline security and privacy controls, built specifically for healthcare needs. 

Snowflake participates in the HITRUST Shared Responsibility and Inheritance Program. With the Shared Responsibility Matrix (SRM), customers can now inherit Snowflake’s HITRUST CSF certification provided that customers apply the controls detailed in the HITRUST Alliance website. Customers should download the Snowflake Custom HITRUST Shared Responsibility Matrix to determine HITRUST controls that they can inherit as part of the shared responsibility model. Customers should refer to the HITRUST webpage for guidance on how to initiate an inheritance request.

CSA Star Level 1

Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to “promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.” Snowflake  participates in the voluntary CSA Security, Trust & Assurance Registry (STAR) Self-Assessment to document our compliance with CSA-published best practices. The completed CSA Consensus Assessments Initiative Questionnaire (CAIQ) is found on the Cloud Security Alliance website.

ISO/IEC 27001,  ISO 27017:2015 & ISO 27018:2019

The International Organization for Standardization provides requirements for establishing, implementing, maintaining, and continually improving an information security management system. Snowflake’s ISO Certificate is available for download by clicking here. The statement of applicability additionally includes control objectives from the ISO 27017:2015 & ISO 27018:2019 framework.

FedRAMP

The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security. Snowflake SnowGov Regions have achieved FedRAMP Authorization. 

  • FedRAMP Moderate: Federal Agencies may download Snowflake’s FedRAMP Moderate Package from USDA Connect through community.connect.gov.
  • FedRAMP High: Federal Agencies may download Snowflake’s FedRAMP High Package by request via their Snowflake Account Executive.

Department of Defense (DoD) Impact Level 5 (IL5)

The U.S. military creates, stores, and operationalizes massive amounts of sensitive data. Protecting that data is a strategic priority and is the focus of the Department of Defense Impact Levels framework. This framework is used to categorize information systems and data and to indicate the security requirements that data is subject to. Snowflake has received Provisional Authorization (PA) by the Defense Information Systems Agency (DISA) at the U.S. Department of Defense (DoD) to operate at Impact Level 5 (IL5) on AWS GovCloud. Agencies may download Snowflake’s DoD package from eMASS.

GovRAMP

As a 501(c)(6) nonprofit, StateRAMP (dba GovRAMP) promotes cybersecurity best practices through education and policy development to improve the cyber posture of public institutions and the citizens they serve.

GovRAMP’s governance committees adopt policies and procedures that standardize security requirements for providers. GovRAMP’s Program Management Office then verifies those cloud offerings utilized by the government have adopted security requirements through independent audits and continuous monitoring. State and local governments, public education institutions, and special districts are invited to become members of GovRAMP. Government membership provides access to shared services for managing supplier risk.

Products that are working towards or have achieved GovRAMP Authorizations are included on the Authorized Product List.  The Snowflake deployments on AWS and Azure that have achieved GovRAMP authorization at the Moderate or High level are listed in the Snowflake Documentation.

TX-RAMP

Texas has established a state risk and authorization management program, known as TX-RAMP, that provides "a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency." Texas mandates that state agencies as defined by Texas Government Code must only enter or renew contracts to receive cloud computing services that comply with TX-RAMP requirements beginning January 1, 2022.

TX-RAMP maintains an up-to-date inventory of cloud solutions and the authorization status of those solutions here: TX-RAMP Certified Cloud Products. The Snowflake deployments on AWS and Azure that have achieved TX-RAMP authorization are listed in the Snowflake Documentation.

GxP

GxP data integrity requirements (e.g.; 21 CFR 11) apply to life sciences organizations that produce regulated medical products including pharmaceuticals, medical devices, and mobile medical applications. Snowflake is GxP compatible, allowing life sciences customers to ensure data integrity and build GxP compliant solutions with the help of a secure, validated cloud data platform.

ITAR

International Traffic in Arms Regulations (ITAR) state that non-US persons are prohibited from physically or logically accessing the ITAR environment. A Third-Party Assessment Organization (3PAO) performed an audit to confirm that Snowflake’s Microsoft Azure Government (MAG) and AWS GovCloud deployments provide an environment compliant with ITAR.

IRAP (Protected)

The Infosec Registered Assessors Program, or IRAP, is a program governed by the Australian Signals Directorate (ASD) of the Australian Government which endorses suitably-qualified cyber security professionals to provide relevant services which aim to secure broader industry and Australian Government systems and data. IRAP provides a security framework and an assessment methodology that enables Australian Government agencies and their customers to validate Snowflake’s security control implementations and compliance against those requirements defined within the Australian Government Information Security Manual (ISM) developed by the Australian Signals Directorate (ASD). Snowflake employs IRAP assessors to validate Snowflake Australian systems effectiveness against the Information Security Manual at the Protected level.

CJIS

Snowflake’s SnowGov Regions are ready and able to support customer compliance with the FBI’s Criminal Justice Information Services (CJIS) Security Policy.  The CJIS Security Policy provides federal and state agencies with a unified set of standards for the protection and safeguarding of Criminal Justice Information (CJI) in the cloud.  Snowflake recognizes the importance of protecting CJI and works collaboratively with customers to satisfy CJIS requirements.  Customers interested in learning more about how they can use Snowflake in connection with CJI can learn more here: Criminal Justice Information at Snowflake

IRS Publication 1075

Internal Revenue Service (IRS) Publication 1075 (IRS 1075) outlines the policies, practices, controls and safeguards to be employed by federal, state, and local agencies and contractors handling Federal Tax Information (FTI). Snowflake supports customer compliance with IRS 1075 in our FedRAMP-authorized SnowGov Regions. While there is no official certification for IRS 1075, Snowflake follows IRS Publication 1075 standards and works closely with our customers to meet the IRS’s stringent regulatory requirements for the protection and safeguarding of FTI.  For more information, please visit the IRS Safeguards Program webpage on Cloud Computing.

TISAX (Assessment Level) AL 3

Developed by the ENX Association and published by the German Association of the Automotive Industry or VDA, Trusted Information Security Assessment Exchange or TISAX is a certification specifically designed to address the automotive industry’s cybersecurity requirements. TISAX focuses on the secure processing of information from business partners, the protection of prototypes and data protection in accordance with the General Data Protection Regulation (GDPR) for potential business transactions between automobile manufacturers and their service providers or suppliers. TISAX was established in 2017 by VDA and the ENX Association. All organizations involved in business with major German automotive industry partners must obtain a TISAX certification. Assessment Level 3 is required for data with a very high need for protection, such as data classified as confidential or secret. Snowflake’s TISAX is scoped to Information Security and Assessment Level 3.

For more information, please visit the Official TISAX website.

CE+ (Cyber Essentials Plus)

Cyber Essentials Plus (CE+)  is a United Kingdom government supported framework that helps protect organizations, regardless of size, against a wide range of the most common cyber attacks. The CE+ certification is required for organizations that plan to bid for central government contracts which involve handling sensitive or personal information or the provision of certain technical products and services. CE+ certification is supported by industry, including the Federation of Small Businesses, the Confederation of British Industry and a number of insurance organizations that offer incentives for CSPs holding this certification. CE+ provides the necessary technical controls and a related assurance framework conducted via an annual external assessment conducted by an accredited assessor.

Achievement of the CE+  certification demonstrates Snowflake’s commitment to mitigate the risk from common Internet-based threats and cyber security best practices.

For more information, please visit the Cyber Essentials website.

You can view the current status of Snowflake’s CE+ certification on the IASME website.

C5 - Cloud Computing Compliance Controls Catalog

The Cloud Computing Compliance Controls Catalog (C5) is an audited standard establishing mandatory baselines for cloud security. The framework was created by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI). C5 was initially created for government agencies and organizations that work with the government to ensure that security baselines are met by their cloud service providers (CSPs).  The private sector has also adopted this framework for evaluation of the security of their CSPs. The framework is based on ISO 27001, CSA, and BSI’s IT-Grundshutz catalogs. The certification can be obtained for either the Basic requirements or Basic + Additional Criteria. Snowflake’s C5 scope currently includes the Basic requirements.

K-FSI Cloud Service Provider Safety Evaluation and the Regulation on Supervision of Electronic Financial Transactions (RSEFT)

The Korean Financial Security Institute (K-FSI) performs the CSP Safety Evaluation in order to evaluate cloud service provider compliance with the Regulation on Supervision of Electronic Financial Transactions (RSEFT) regulation. They support the financial services industry in security assessments and assist in various areas that help create a secure environment for financial institutions. Snowflake’s CSP Safety Evaluation is scoped to SaaS service controls. If customers will store or process unique private information (UPI) or protected credit information (PCI) on Snowflake or safety/reliability of electronic financial transactions are materially impacted by using Snowflake, then customers must review the CSP Safety Evaluation results and perform an analysis of vendor risk and submit documentation to the Financial Supervisory Service prior to utilizing Snowflake for these types of data. 

ISO 9001:2015 Quality Management System

ISO 9001 standard sets forth universally acknowledged benchmarks for quality management, shaping the foundation for Snowflake to enhance its operations. Implementing ISO 9001 not only improves overall performance but also enables Snowflake to surpass customer expectations. By adhering to its stringent requirements, Snowflake showcases an unwavering commitment to quality. ISO 9001 guides the establishment, implementation, maintenance, and continuous improvement of a robust Quality Management System (QMS) at Snowflake, solidifying Snowflake’s commitment to delivering exceptional quality. 

Product
PRODUCT CATEGORIES
Platform
Analytics
AI
Data Engineering
Applications & Collaboration
FEATURED CAPABILITIES
Cortex AI
Data Clean Rooms
Horizon
Marketplace
Native Apps
Notebooks
Snowpark
Streamlit
Snowflake ML
FEATURED OPEN SOURCE TECHNOLOGIES
Arctic LLM
Open Catalog
Solutions
INDUSTRIES
Advertising, Media & Entertainment
Financial Services
Healthcare & Life Sciences
Manufacturing
Public Sector
Retail & Consumer Goods
Technology
Telecom
Travel & Hospitality
DEPARTMENTS
Marketing
IT
Finance
Cybersecurity
ENABLEMENT SOLUTIONS
Migrate to the AI Data Cloud
Professional Services
PARTNER SOLUTIONS
Snowflake Partner Network
Partner Finder
Event Partnership Opportunities
Why Snowflake
Why Snowflake
All Customers
Snowflake Security Hub
The AI Data Cloud Explained
Resources
CONNECT
Blog
Engineering Blog
Community
Events
Support
Contact
LEARN
Resource Library
Training
Webinars
Certifications
Live Demos
Snowflake University
Hands-on Labs
Guides
Trending
Fundamentals
Developers
Developers Overview
Solutions Center
Open Source
Builder Education
Downloads
Company
About Snowflake
Brand Guidelines
Investor Relations
Leadership & Board
Careers
Newsroom
ESG
Snowflake Ventures
End Data Disparity
Pricing
Pricing Options
Cost & Performance Optimization
Snowflake Performance Index

Sign Up for Our Newsletter

© 2025 Snowflake Inc. All Rights Reserved
privacy notice
site terms
cookie settings
do not share my personal information
legal

If You’d Rather Not Receive Future Emails From Snowflake, Unsubscribe Here Or Customize Your Communication Preferences