SentinelOne Security & Compliance Trust Center

SentinelOne has been independently audited against SOC 2 Security, Availability, and Confidentiality Trust Services Criteria (TSC) by Schellman & Company. This examination demonstrates SentinelOne’s commitment to maintaining the highest standards of information security, availability, and confidentiality of our internal infrastructure, controls, and customer data.

SOC 2 is an industry standard examination that was developed and maintained by the American Institute of Certified Public Accountants (AICPA).

SentinelOne has earned the ISO 27001:2022 certification. This certification underscores the strength of our Information Security Management System (ISMS) designed specifically for our Singularity XDR Platform, highlighting our adherence to superior data security and risk management standards.

Achieving this certification demonstrates our unwavering commitment to protecting customer information and maintaining top-tier security practices. Our ISMS undergoes thorough, independent audits to meet the rigorous requirements of ISO 27001:2022, ensuring we prioritize our customers’ data integrity and confidentiality.

For more information on our ISO certification and to verify our compliance status, please click here.

The SentinelOne Singularity XDR Platform has been assessed by an independent IRAP against the ‘Protected’ level controls under the independent Information Security Registered Assessors Program (IRAP).

Information Security Registered Assessors Program (IRAP) is an Australian Signals Directorate (ASD) initiative that provides high-quality information and communications technology (ICT) security assessment services to government and industry.

IRAP provides a framework for assessing the implementation and effectiveness of an organization’s security controls against the Australian government’s security requirements, as outlined in the Information Manual (ISM) and Protective Security Policy Framework (PSPF).

The SentinelOne Singularity Platform High has been granted FedRAMP High Authorization under the NIST 800-53 Rev 5 framework. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide initiative that establishes a standardized approach for the security assessment, authorization, and continuous monitoring of cloud services used by U.S. federal agencies. By ensuring that cloud providers meet strict, external security standards, FedRAMP empowers federal agencies to confidently leverage cloud technology while protecting sensitive data.

The SentinelOne Singularity Platform High has successfully met the FedRAMP High Baseline standards, which is listed on the FedRAMP Marketplace.

To request access to the FedRAMP authorization package or specific artifacts (such as CIS/CRM), please contact SentinelOne Federal Sales at: s1-fed-sales@sentinelone.com.

The SentinelOne Singularity XDR Platform has achieved attestation against the Cloud Computing Compliance Criteria Catalogue (C5:2020) requirements through an independent third-party audit.

The C5:2020 was developed by the German Federal Office for Information Security (BSI) to assess the information security of cloud services. It leverages internationally recognized security standards like ISO/IEC 27001 to establish a consistent audit baseline, fostering trust between cloud providers and their customers.

This attestation verifies SentinelOne’s compliance with stringent German federal standards for cloud security and data protection.

The SentinelOne malware Solution can help your organization with various PCI DSS requirements, including Number 5, which requires that organizations use and regularly update anti-virus software or programs on all systems commonly affected by malicious software.

For more information about how SentinelOne can help your organization’s PCI compliance, read the Tevora PCI Whitepaper.

The CJIS Security Policy provides Criminal Justice Agencies and Noncriminal Justice Agencies with a minimum set of security requirements for access to FBI Criminal Justice Information Services (CJIS) Division systems and information and to protect and safeguard Criminal Justice Information.

Please contact your sales representative to discuss how SentinelOne can support your CJIS efforts or read SentinelOne’s CJIS statement.