
Teleport Achieves ISO 27001, HIPAA, and SOC 2 Compliance Milestones

Aug 11, 2023


We're thrilled to announce that Teleport has recently achieved critical compliance milestones, marking another significant step forward in our commitment to providing highly secure and reliable cloud-based services. We are pleased to inform you that Teleport has successfully achieved ISO 27001 certification, is now HIPAA compliant, and has also expanded our SOC 2 report coverage with the addition of Confidentiality and Availability trust service criteria. All reports are available via our trust portal at https://trust.goteleport.com/.

ISO 27001 compliance

ISO 27001 is an international standard that outlines best practices for an information security management system (ISMS). This standard demonstrates a robust and comprehensive framework for managing company and customer information in a secure manner.

Achieving ISO 27001 certification requires a robust information security management system (ISMS), clear documentation of all processes, consistent record-keeping, regular audits, and continuous improvements. By achieving this certification, we affirm our dedication to protecting your data with the highest level of security standards.

HIPAA compliance

The Health Insurance Portability and Accountability Act (HIPAA) establishes stringent rules to protect sensitive patient health information. Teleport's new HIPAA compliance status assures that we meet these rigorous requirements, specifically with regard to the HIPAA Security Rule. This is part of our SOC 2 report, confirming our commitment to secure handling and protection of any health-related data that our services might manage.

As a result, healthcare providers and related organizations can use our Teleport Cloud SaaS offering with the confidence that we are fully compliant with the HIPAA standards for security. Learn more about HIPAA compliance for cloud infrastructure access.

SOC 2 compliance expansion

Service Organization Control (SOC) 2 is an auditing procedure that ensures service providers securely manage data to protect the interests of the organization and the privacy of its clients.

Teleport's initial SOC 2 report in 2020 had already proven our commitment to the Security trust service criteria. However, we have gone a step further. We've now expanded our SOC 2 Type II report to include the Confidentiality and Availability trust service criteria.

The Confidentiality criterion involves handling data safely and ensuring that information designated as confidential is adequately protected. The Availability criterion, on the other hand, pertains to the system's accessibility for operation and use as agreed upon. It is a testament to our commitment to maintaining high availability and robust disaster recovery procedures for our Teleport Cloud offering.

In essence, this means that Teleport has proven effective measures for managing business continuity/disaster recovery (BC/DR) and handling customer data safely, aspects that are critical for our cloud customers.

Moving forward

Achieving these compliance milestones reflects our unwavering dedication to security, reliability, and continuous improvement. As we move forward, we will maintain these high standards while seeking to further enhance the security and dependability of our services.

The Teleport team extends its gratitude to all its partners, customers, and stakeholders for their continued trust and support. We assure you that your data security and protection remains our top priority, and we are committed to meeting and exceeding the stringent standards set by these international compliance frameworks.

Is my Teleport account covered?

Teleport customers roll out Teleport in a few different ways: Teleport Community Edition, Teleport Team, Enterprise Cloud, and Enterprise self-hosted. Depending on how you use Teleport, it may help you obtain compliance with these frameworks, or it could be covered by Teleport's compliance frameworks.

The table below shows each edition:

Standard    Enterprise Cloud    Ent. Self-Hosted
SOC 2
ISO 27001    n/a
HIPAA    ✅ 🩻
FedRAMP    ✅ 🏛️

🩻 = Requires a HIPAA business associate agreement (BAA)

🏛️ = Enterprise Self-Hosted can be used to help obtain FedRAMP authorization, with FIPS mode
