Trust Center

Start your security review
View & download sensitive information
Ask for information
ControlK

Overview

Welcome to Wiz's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Compliance

CCPA Logo
CCPA
CSA STAR Level 1 Logo
CSA STAR Level 1
ProcessUnity Logo
ProcessUnity
ISO/IEC 27001:2022 Logo
ISO/IEC 27001:2022
ISO/IEC 27017 Logo
ISO/IEC 27017
ISO/IEC 27018 Logo
ISO/IEC 27018
ISO/IEC 27701 Logo
ISO/IEC 27701
SOC 2 Type 2 Logo
SOC 2 Type 2
SOC 3 Logo
SOC 3
GovRAMP Logo
GovRAMP
TruSight Logo
TruSight
PCI DSS v4.0.1 Logo
PCI DSS v4.0.1
TX-RAMP Logo
TX-RAMP
FedRAMP High Logo
FedRAMP High
IRAP Logo
IRAP
EcoVadis OCT 2025 - Committed Logo
EcoVadis OCT 2025 - Committed

Wiz is reviewed and trusted by

Morgan Stanley-company-logoMorgan Stanley
Salesforce-company-logoSalesforce
Slack-company-logoSlack
Blackstone-company-logoBlackstone
DocuSign-company-logoDocuSign
ServiceNow-company-logoServiceNow
Siemens-company-logoSiemens
Canva-company-logoCanva
Colgate-Palmolive-company-logoColgate-Palmolive
BMW-company-logoBMW
Redis-company-logoRedis
Aon-company-logoAon
LVMH-company-logoLVMH
Mars-company-logoMars
Cushman & Wakefield-company-logoCushman & Wakefield
Bridgewater Associates-company-logoBridgewater Associates
Priceline-company-logoPriceline
ManpowerGroup-company-logoManpowerGroup
Fox Corporation-company-logoFox Corporation
InterContinental Hotels Group-company-logoInterContinental Hotels Group
Shell-company-logoShell
REI-company-logoREI

Documents

Featured Documents

REPORTSPenetration Test Report
REPORTSSOC 2 Type II + HIPAA Report
REPORTSSOC 3 Report
COMPLIANCECSA STAR Level 1
COMPLIANCEISO/IEC 27001:2022
COMPLIANCEISO/IEC 27701
COMPLIANCEProcessUnity

Reports

Accessibility Report
Data Flow Diagram (DFD)
Disaster Recovery Test Report
View more

Self-Assessments

CAIQ
CAIQ Lite
SIG Lite

AI

AI Features
AI Transparency and Choice
AI Governance Policy
View more

ESG

Anti-Bribery and Corruption
Anti-Modern Slavery
Code of Conduct
View more

Legal

Subprocessors
Data Processing Agreement
Insurance
View more

Data Privacy

Cookies
Data Breach Notifications
Data Transfers
View more

Policies

Acceptable Use Policy
Access Management Policy
Asset Management Policy
View more

BC/DR

Business Continuity Plan (BCP)
Data Backup/Backup Protection
Disaster Recovery Plan (DRP)
View more
Knowledge Base (FAQ)
Trust Center Updates

Update on React and Next.js Vulnerabilities

Copy link
General

Wiz recently published a Threat Center update for its customers, as well as a public blog post, on the critical vulnerabilities affecting React and Next.js that were disclosed on December 3, 2025.

As part of our internal response process, Wiz security teams have been identifying and patching instances of these affected components across our environments. As of this writing, Wiz has not identified any systems related to its product platform that are externally exposed and vulnerable, and customers do not need to take any further action to safeguard their instances of Wiz. Please continue to monitor our Threat Center and this Trust Site for further updates.

Gainsight Security Incident - No Impact to Wiz

Copy link
General

Wiz is aware of the recent supply chain attack targeting Gainsight and its integrations with Salesforce. We can confirm that Wiz does not use Gainsight in our production environment or internal business operations.

Wiz is not aware of any circumstance in which our subcontractors or subprocessors have been affected by this issue and impacted Wiz systems or data.

For further information on this incident, please see the Gainsight Incident FAQs.

Sha1-Hulud (2.0) NPM Supply Chain Attack - Investigating

Copy link
General

A new Shai-Hulud-linked npm supply-chain campaign (“Sha1-Hulud”) is compromising major packages to exfiltrate development secrets and sensitive project files. The blast radius is large and the attack is accelerating, thanks to cross-victim exfiltration and a new preinstall-phase malware variant.

Our internal investigation is ongoing but as of this writing, Wiz has not identified any evidence indicating its own product or systems are affected.

Please continue to monitor the Wiz Threat Center for detection and mitigation guidance. See also this post with details on Wiz's public blog.

Latest Cyber and Privacy Audit Reports Now Available

Copy link
Compliance

Our commitment to security and trust remains our top priority! We are excited to announce the successful completion of our comprehensive annual audit cycle. We have received our latest SOC 2 Type II, HIPAA, and SOC 3 audit reports, as well as ISO 27001, ISO 27017, ISO 27018, and ISO 27701 recertifications for this year.

We partnered with A-LIGN as our auditor and are proud of another successful cycle. All reports and certifications are now available in the Compliance section of our Trust Center.

F5 Security Incident - No Impact to Wiz

Copy link
General

Wiz is aware of the recent F5 security breach and can confirm that we do not use any F5 appliances identified as impacted by the breach in our production environment.

Wiz is not aware of any circumstance in which our subcontractors or subprocessors have been affected by this issue and impacted Wiz systems or data.

For further information on this incident, please see the F5 Security Advisory.

Built onSafeBase by Drata Logo