Okta is ISO 27001:2013 certified and ISO 27018:2019 compliant since 10/13/2015, and ISO 27017 compliant since 7/9/2020, proving our expertise in securely managing information technology systems.

Okta’s ISO 27017:2015 compliance demonstrates our commitment to international standards for securing and protecting personally identifiable information (PII) in the cloud. It is based on ISO 27002 security controls specific to public cloud security and can be verified in Okta's ISO 27001 certification.

Okta’s ISO 27018:2019 compliance demonstrates our commitment to international standards for securing and protecting personally identifiable information (PII) in the cloud. ISO 27018 is specific to protecting privacy of PII in the cloud. This can be verified in Okta’s ISO 27001 certification.

SOC 2 Type II - Okta has certified its systems annually to AICPA SOC 2 Type II since 2012, successfully auditing the operational and security processes of our service and our company. Customer Okta Admins can access the full audit report on support.okta.com

Prospects can request the audit reports here.

CSA STAR Level 2 - Okta's ability to secure sensitive data in the cloud is further validated by its Cloud Security Alliance (CSA) Security, Trust, & Assurance Registry (STAR) Level 2 Attestation, certified since 6/1/2017.

To learn more about CSA STAR, click here.

FedRAMP Authority to Operate (ATO) - Okta has had an official authorized status with the Federal Risk and Authorization Management Program (FedRAMP) Authority to Operate (ATO) since 4/26/2017.

To learn more about FedRAMP, click here.

FIPS Validated 140-2 - Okta Verify is FIPS 140-2 Validated per NIST requirements and approved for FedRAMP use and healthcare orgs who require FIPS-validated MFA for Electronic Prescription of Controlled Substances (EPCS) systems. 

To learn more about FIPS, click here.

APEC PRP - Okta's Asia-Pacific Economic Cooperation (APEC) Privacy Recognition for Processors (PRP) certification, valid since 7/23/2020, puts Okta among a small group of organizations that have demonstrated their ability to support cross-border data transfers for data controllers in Asia, Australia, and the Americas.

To learn more about APEC PRP certification, click here.

HIPAA

Our HIPAA Compliant Service instance serves customers in the highly-regulated and security-conscious healthcare industry.

To learn more click here.

PCI-DSS 3.2

Okta has a PCI Attestation of Compliance, and Okta MFA qualifies as a compliant multi-factor solution under current PCI-DSS requirements. This enables customers to use Okta as a supporting system for PCI compliance.

For more information, click here.

Sarbanes Oxley (SOX)

Okta’s tools help ensure that your SOX controls are in place and generating evidence for auditors. Our service gives your IT team a single location for all application provisioning and deprovisioning. We can also help you enforce password complexity requirements and provide single sign-on access, streamlining downstream audits.

GDPR

Okta’s IAM system provides a strong foundation for GDPR compliance and can help reduce your risk. You can learn more and download Okta’s GDPR-compliant DPA at https://www.okta.com/gdpr.

NYDFS

Our IAM solutions can help you to comply with the access requirements specified in the constantly-evolving New York Department of Financial Services security regulations.