Trust center
Thousands of DevOps teams trust Octopus to automate their deployments and operational tasks.
The security and privacy of our customers' personal, company, and intellectual property data, are top priorities at Octopus. We're dedicated to maintaining and continuously improving our security and compliance programs.
Enterprise compliant
We undergo regular third-party audits and technical assessments of our data security to ensure privacy and safety. Our security credentials include:
- ISO 27001:2013 (Download our ISO 270001 certificate)
- SOC 2 Type II (Request access to our SOC 2 Type II confirmation)
We also provide a CSA Consensus Assessment Initiative Questionnaire (CAIQ) lite, which is a convenient, standards-based, mechanism for aligning different compliance frameworks with our own.
We comply with applicable legal and regulatory requirements in relation to handling personal data such as GDPR and CCPA. See our Privacy Policy and our GDPR disclosures for more information, or refer to our Data Processing Agreement.
Email our compliance team for more information about our commitment to the above standards.
Proactive platform security
We perform ongoing security testing, including:
- Vulnerability scanning
- Penetration testing
- External testing via our Bugcrowd bug bounty program
Every year Octopus undergoes a security review conducted by a third-party company. Download our annual security assessment to find out more.
We also tell you about problems as soon as we know about them, with real-time status updates.
See our trust report for a comprehensive, real-time look at our security controls, policies, and compliance reports.
Security operations
Our Security Operations, Product, Engineering, IT Operations & Compliance teams, build security into all our processes.
Our secure, industry-standard development practices help prevent security threats.
Our compliance roadmap
Secure by design
Security admin controls
Verify team members and control who can do what in Octopus.
The tools include:
- Identity and access control
- HTTP security controls
- Single sign-on (SSO)
- IT service management (ITSM) integrations for enterprise customers
Authentication providers
Alongside built-in account management and Octopus ID, we support major authentication providers out-of-box.
- Username and password
- Active Directory authentication
- Azure Active Directory authentication
- GoogleApps authentication
- LDAP authentication
- Okta authentication
- Guest login
Legal documents and policies
Customer agreement
Our customer agreement, signed by over 20,000 companies, governs the use of Octopus Deploy. Please note that we have separate product terms regarding Octopus Server, Octopus Cloud, priority support terms, and TAM services terms.
We don't negotiate on our customer agreement. It allows us to standardize and keep our costs down.
Privacy policy
We strongly believe in privacy. Octopus complies with the European Union's General Data Protection Regulation (GDPR).
Read our privacy policy to understand what data we collect and how we use it.
Octopus Cloud acceptable use policy
We want you to have the best possible experience with Octopus Cloud, but without affecting--or getting affected by--others.
Our acceptable use policy outlines how you should use Octopus Cloud and how you shouldn't.
Other legal documents
- Our vendor profile has most of the information you need
- We provide a W8-BEN-E form as an Australian company (rather than a W9)
- D-U-N-S® number: 747191893
- Employer Identification Number (EIN): 98-1163259
- Australian Business Number (ABN): 69 160 339 186
- North American Industry Classification System (NAICS) number: 511210 (Software Publishers)
- Export Control Classification Number (ECCN): EAR99 (no CCATS number)
- We're a resident of Australia for income tax purposes. See our 2023 certificate and 2024 certificate.
- Airwallex Bank account verification letter.
For more information
Email us for more information about our security credentials and the security features of our product.