Trust Center


As a security company, Checkmarx is committed to the highest levels of certifications and audits. We’ve built security into everything that we do. Our number one focus is to help organizations gain insight into risk related to software exposure.
Our commitment to security and privacy is underscored by a number of industry certifications.

Third Party Reviews

To demonstrate how Checkmarx protects customer data, we provide independent third-party reports to our customers. We regularly pass rigorous third-party compliance audits of our security, availability, processing integrity, confidentiality, and privacy controls.

ISO 27001:2013 Certified

Checkmarx has successfully obtained its certification to the International Organization for Standardization (ISO) 27001:2013 standard. This standard formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information security risks. The ISMS is an overarching management framework that allows Checkmarx to identify, analyze, and address its information risks. The ISMS ensures that the security arrangements are fine-tuned to keep pace with changes to security threats, vulnerabilities, and business impacts. The certification is achieved via a systematic and rigorous external examination of an organization’s information security risk profile that takes into account any threats or vulnerabilities.

SSAE16 – SOC2 Type 2 Certified

Checkmarx is SOC2 Type 2 certified by EY. The SOC 2 report demonstrates Checkmarx’s continuous commitment to internal information security practices, policies, procedures, and operations by meeting or exceeding the AICPA standards for security, availability, and confidentiality.

FedRAMP compliant under Project HOST

Checkmarx has a certified installation on a Project Hosts environment to enable our FedRamp customers.

EU GDPR Compliant

Checkmarx has completed the GDPR readiness. See our Privacy Policy for more details.