Trust Center

Integrity is part of everything we do at SailPoint. We are committed to maintaining your trust and securing your data.

Overview

Your data security is our top priority

At SailPoint, our top priority is keeping our customers’ data secure and staying aligned with industry standards. SailPoint utilizes corporate governance policies and procedures consistent with industry practice to comply with applicable laws and regulations in every jurisdiction where we do business.

Our brand is built upon the ‘Four I’s’ Philosophy: Innovation, Integrity, Impact and Individuals. These core values influence our company’s culture and are also incorporated into our business practices. We pride ourselves on upholding our promise to keep our services reliable and secure. Nothing is more important than keeping our customers’ data safe and being transparent about our data security program.

We employ rigorous security measures at the organizational, architectural, and operational levels to ensure our customers’ data remains safe and sound.

SailPoint’s Trust Center connects you to our Cybersecurity, Compliance and Privacy programs so you have all the information you need to manage your data.

AI

Building responsibly: our commitment to developing trustworthy AI

AI is at the core of SailPoint’s identity security solutions. We’re not newcomers to this field—we’ve been helping customers harness the power of AI for nearly a decade. Over these years, we’ve focused on what matters most to our customers: trust.

From design to deployment, we’ve built a robust infrastructure centered on responsible, unbiased, and accountable AI usage. Guided by human-centered principles, our AI is designed to augment human capabilities and decision-making while respecting fundamental human values.
As innovators and leaders in this space, we’ve not only developed cutting-edge solutions but also secured patents for groundbreaking advancements. These patents underscore our commitment to pushing the boundaries of AI innovation while maintaining an unwavering focus on trust, privacy, and security.

At SailPoint, we don’t just build AI—we build AI you can trust.

Cybersecurity

Purpose-built architecture for maximum protection

The SailPoint cloud is designed to support the most rigorous security controls. Through our threat detection and response and threat exposure management protocols, we uphold best practices by implementing exacting requirements analysis, design testing and approvals, and robust engineering. These protocols are reinforced by policies and procedures that align with industry benchmarks and comply with the standards of international governing bodies.

SailPoint maintains product security through a Secure Software Development Lifecycle program, which proactively identifies and remediates vulnerabilities in software. External security researchers also review our security system.

Compliance

Product Certifications

As an organization focused on security, SailPoint implements strict compliance standards to certify our services and to help our customers comply with their own industry regulations.

SOC 1

SOC 1 (System and Organization Controls) is a report on controls at a service organization relevant to an entity’s control over financial reporting.

Copies of SailPoint's SOC 1 Report can be made available to current customers and qualified prospects with a valid confidentiality agreement.

Please email [email protected] to request the latest SOC 1 report.

SOC 2

SOC 2 (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a cloud service.

Copies of SailPoint's SOC 2 Report can be made available to current customers and qualified prospects with a valid confidentiality agreement.

Please email [email protected] to request the latest SOC 2 report.

SOC 3

SOC 3 (System and Organization Controls) is a regularly refreshed report that focuses on internal controls as they relate to security, availability, and confidentiality of a cloud service.

SailPoint has published a SOC 3 Report for the following products:

SailPoint Identity Security Cloud

SailPoint IdentityIQ

SailPoint Access Risk Management Service

SailPoint Non-Employee Risk Management

For inquiries about the ISO certificate or SOC reports, contact us at [email protected].

IRAP

IRAP (Infosec Registered Assessors Program) ensures entities can access high-quality security assessment services. The Australian Signals Directorate is supporting higher standards for security assessments and training through the enhanced Infosec Registered Assessor Program (IRAP).

IRAP Completion Reports are available for the following:

SailPoint Identity Security Cloud

Data Access Security

For inquiries about this report, contact us at [email protected].

ISO 27001:2022

ISO 27001 is a specification for an information security management system (ISMS), which is a framework for an organization’s information risk management processes.

Download the Certificate

For inquiries about the ISO certificate or SOC reports, contact us at [email protected].

ISO 27017

ISO/IEC 27017 is an information security standard that provides additional guidance for relevant controls specified in ISO/IEC 27002, for implementing information security controls within a cloud computing environment for organizations that have an ISMS (information security management system) in place.

Download the Certificate

*ISO 27017 inclusion is denoted under the ISO scope on Page 2 of the Certificate.*

For inquiries about the ISO certificate or SOC reports, contact us at [email protected].

ISO 27018

ISO 27018 builds on the ISO 27001 information security management system (ISMS) with a focus on protecting personally identifiable information (PII) in public clouds.

Download the Certificate

*ISO 27018 inclusion is denoted under the ISO scope on Page 2 of the Certificate.*

For inquiries about the ISO certificate or SOC reports, contact us at [email protected].

ISO 27701

ISO 27701 is a standard designed to help organizations responsibly manage and/or process PII through the implementation of a Privacy Information Management System (PIMS).

Download the Certificate

For inquiries about the ISO certificate or SOC reports, contact us at [email protected].

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that provides a standardized approach to security and risk assessment, authorization, and continuous monitoring for cloud products and services. All cloud services in use by federal agencies must meet FedRAMP requirements at the appropriate impact level (Low, Moderate, or High).

Please visit our listing on the FedRAMP Marketplace.

For FedRAMP-related inquiries, contact us at [email protected].

C5

The Cloud Computing Compliance Controls Catalog (C5) is a German framework created by the German Federal Office for Information Security (BSI) which specifies minimum security requirements for cloud services.

Copies of SailPoint's C5 Report can be made available to current customers and qualified prospects with a valid confidentiality agreement.

Please reach out to your Customer Success Manager or Sales Representative for more information.

Common Criteria

Common Criteria (CC), also known as ISO/IEC 15408, is an international standard for evaluating and certifying the security features of information technology products and systems, providing a framework for ensuring that products meet specific security requirements.

SailPoint Common Criteria Certificates can be found on the Common Criteria Certified Product Listing:

SailPoint IdentityIQ

SailPoint File Access Manager

For Common Criteria-related inquiries, contact us at [email protected].

CSA STAR Level 1

The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Level 1 is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. This self-assessment demonstrates our commitment to transparency and adherence to industry best practices in cloud security.

Please visit our listing on the CSA STAR Registry.

For CSA STAR-related inquiries, contact us at [email protected].

GovRAMP

StateRAMP (dba GovRAMP) is the leading authority on cloud security standards for federal, state, and local government organizations, providing a standardized approach to assessing and authorizing cloud services. GovRAMP empowers the public sector and their vendors to navigate the complexities of cloud security with confidence.

Please visit our listing on the GovRAMP Authorized Product List.

For GovRAMP-related inquiries, contact us at [email protected].

Privacy

Purpose-built architecture for maximum protection

At SailPoint, we’re committed to respecting your privacy. We recognize that when you choose to share personal information, you trust us to act in a responsible manner to protect and safely manage that information. We put privacy front and center by building it into our products and services, enabling us to deliver on customer expectations while maintaining compliance with evolving regulations. Read more about our privacy and data protection.
