Okta's approach to compliance

We certify our services against the strictest standards and help you meet compliance requirements through our solutions.

Our secure systems help our customers to earn their users’ trust. We do this in two ways:

  • By certifying our service against recognized certifications and regulations.
  • By helping our customers comply with their own industry security certifications and regulations.

Okta Service Certifications

Okta complies with a range of industry-standard certifications and authorizations. These include:

ISO 27001:2013

Okta has achieved ISO 27001:2013 certification, proving our expertise in securely managing information technology systems.

Okta's ISO 27001:2013 certification is available here.

ISO 27017:2015 and 27018:2019

Okta’s ISO 27017/27018 compliance demonstrates our commitment to international standards for securing and protecting personally identifiable information (PII) in the cloud. ISO 27017 is based on ISO 27002 security controls specific to public cloud security. ISO 27018 is specific to protecting privacy of PII in the cloud. Both can be verified in Okta’s ISO 27001 certification.

SOC 2 Type II

Okta's systems have been audited to the AICPA SOC 2 Type II level, covering the operational and security processes of both our service and our company.

Customers can access the audit report on support.okta.com. Prospects can request the results here.

CSA STAR

We understand the need to secure sensitive data in the cloud. That’s why we earned the Cloud Security Alliance (CSA) Security, Trust, & Assurance Registry (STAR) Level 2 Attestation.

To learn more about CSA STAR, click here.
To view Okta's CSA attestation, click here.

FedRAMP - Authority to Operate (ATO)

Okta holds an official Authority to Operate (ATO) under the Federal Risk and Authorization Management Program (FedRAMP).

To learn more about FedRAMP, click here.
To view Okta's FedRAMP certification, click here.

FIPS 140-2 Validated

Okta Verify is FIPS 140-2 validated per NIST requirements and approved for FedRAMP use and for healthcare organizations that require FIPS-validated MFA for Electronic Prescription of Controlled Substances (EPCS) systems.

To learn more, click here.
To view Okta’s NIST certification, click here.

Helping you meet your compliance requirements

While Okta can’t solve every regulatory challenge, the Okta Cloud Service can help you work in accordance with the following compliance requirements:

HIPAA

Our HIPAA Compliant Service instance serves customers in the highly regulated and security-conscious healthcare industry.

To learn more, click here.

PCI-DSS 3.2

Okta has a PCI Attestation of Compliance, and Okta MFA qualifies as a compliant multi-factor solution under current PCI-DSS requirements. This enables customers to use Okta as a supporting system for PCI compliance.

For more information, click here.

Sarbanes Oxley (SOX)

Okta’s tools help ensure that your SOX controls are in place and generating evidence for auditors. Our service gives your IT team a single location for all application provisioning and deprovisioning. We can also help you enforce password complexity requirements and provide single sign-on access, streamlining downstream audits.

GDPR

Okta’s IAM system provides a strong foundation for GDPR compliance and can help reduce your risk. You can learn more and download Okta’s GDPR-compliant DPA at https://www.okta.com/gdpr.

NYDFS

Our IAM solutions can help you comply with the access requirements specified in the constantly evolving New York Department of Financial Services (NYDFS) security regulations.

There aren’t many companies that have experience running digital commerce in a highly regulated industry such as aviation. Okta brought those two pieces together in a unified way so that we could address physical and electronic security.

Eash Sundaram, EVP innovation, Chief Digital and Technology Officer, JetBlue
Read customer success story

Okta helps us be HIPAA compliant … largely because we don’t have to go in and manage and maintain the identity of our customers.

Rish Tandon, Chief Technology Officer, Heal

Learn more about Okta’s approach to compliance

Want to find out how Okta can help you meet industry-specific compliance standards? Follow the links below:

Okta Security Technical Whitepaper
Download the whitepaper
Setting Up IAM: Managing Permissions to Ensure Compliance
Read here
User Identity and Access Management: A Bridge to Government IT Modernization
Download the whitepaper
What Finance Institutions Need to Know About the NYDFS Cybersecurity Regulations
Download the whitepaper
Keeping Your Data Safe: Identity, Security, and the GDPR
Watch the presentation
Hands-on security training: Advanced Security: Protect the Modern Perimeter with Okta
Register now