Certifications and Compliance

We focus on security, compliance, and privacy to be your most trusted cybersecurity company

Trellix certifications and compliance

FedRAMP

Federal Risk and Authorization Management Program (FedRAMP) is a Federal Government-wide program that provides a standardized approach to the security assessment, authorization, and monitoring of cloud products and services.

IL5

Impact Level 5 (IL5) is a certification by the U.S. Department of Defense (DoD) that authorizes a cloud service provider to store and process some of the DoD's most sensitive data. Trellix EDR has been granted DoD IL5 certification.

ISO 27001

One of the highest internationally recognized standards for information security, ISO 27001 specifies requirements covering an information security management system (ISMS). Trellix was certified ISO 27001 compliant in 2022.

LAST ISSUE: September 22, 2023

ISO 27017

ISO 27017 covers the information security aspects of cloud computing, recommending cloud-specific information security controls that supplement ISO 27002 and ISO 27001. Trellix was certified ISO 27017 compliant in 2022.

LAST ISSUE: September 22, 2023

ISO 27018

ISO 27018 is the international standard for protecting personal information in cloud storage. The term for the personal data it covers is Personally Identifiable Information (PII). Trellix was certified ISO 27018 compliant in 2022.

LAST ISSUE: September 22, 2023

ISO 27701

ISO 27701 specifies requirements for a Privacy Information Management System (PIMS) with guidance for managing and protecting personally identifiable information (PII). Trellix was certified ISO 27701 compliant in 2022.

LAST ISSUE: September 22, 2023

NCA Cybersecurity Controls of Saudi Arabia

The National Cybersecurity Authority (NCA) in Saudi Arabia plays a pivotal role in safeguarding the Kingdom’s critical infrastructure, businesses, and citizens from the growing threat of cyberattacks.

NIS 2 Compliance

The EU Network and Information Security Directive 2 (NIS 2) is designed to increase cybersecurity and resilience across the EU. Organizations must implement a wide range of risk management approaches and policies.

SOC 2 - Service Organization and Controls

Service Organization Control Type 2 (SOC 2) is a cybersecurity framework developed by the American Institute of Certified Public Accountants (AICPA) that evaluates an organization's ability to securely manage customer data.

TISAX

Trusted Information Security Assessment Exchange (TISAX) is a European automotive industry-standard ISA catalog based on key aspects of information security such as data protection and connection to third parties.

For additional Trellix compliance documentation, please visit the Trellix Trust Center.

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP enables agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT. This certification includes the expanded boundary of Trellix XDR and Email Security (ESC GovCloud), which includes the company's proprietary modules, including antivirus, anti-spam, and impersonation detection capabilities.

Trellix GovCloud Security Platform  |  Trellix Email Security GovCloud

ISO 27001

As one of the highest internationally recognized standards for information security, this certification covers every aspect of people, process, and systems security. The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS). Trellix was certified ISO 27001 compliant in 2022. Last Issue Date: September 22, 2023.

ISO 27017

ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards. Trellix was certified ISO 27017 compliant in 2022. Last Issue Date: September 22, 2023.

ISO 27018

ISO 27018 is the international standard for protecting personal information in cloud storage. The term for the personal data it covers is Personally Identifiable Information (PII). Trellix was certified ISO 27018 compliant in 2022. Last Issue Date: September 22, 2023.

ISO 27701

As one of the highest internationally recognized standards for information security, this certification covers every aspect of people, process, and systems security. The scope of the ISO/IEC 27001:2022 certification is limited to the information security management system (ISMS). Trellix was certified ISO 27701 compliant in 2022. Last Issue Date: September 22, 2023.

SOC 2 - Service Organization and Controls

Trellix undergoes an annual independent third-party SSAE18 audit using the criteria set forth in the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Confidentiality (SOC 2®), and covering the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles set forth in the Trust Services Principles, TSP section 100A. For the offerings listed below, Trellix can provide users who have a business need with a report of its compliance (SOC 2 Type II report). The report includes a description of the Trellix controls environment and the external auditor's results and opinion on whether Trellix's controls meet the AICPA Trust Services Security, Availability, and Confidentiality Principles and Criteria.

Trellix EDR  |  Trellix ePO  |  Trellix IVX for Collaboration Platforms  |  Trellix Email Security  |  Trellix Helix Connect

TISAX

Trusted Information Security Assessment Exchange (TISAX) is a European automotive industry-standard information security assessment (ISA) catalog based on key aspects of information security such as data protection and connection to third parties. Trellix received this certification, called a label, in January 2024.

The Trellix Platform

Trellix products and services are built for compliance

Adherence to technology certifications and industry compliance is critical to maintaining a robust and stalwart security profile. Because of this, Trellix is dedicated to ensuring its security products and technologies meet or exceed critical industry certifications and compliance requirements.
