Compliance at Docker
ISO 27001
ISO 27701
SOC 2
CSA Trusted Cloud
Our compliance
Audits and Certifications FAQs
Who’s responsible for Docker Compliance?
Docker’s Security and GRC team manages our security and compliance program. A dedicated team with legal, security engineering, information security, and GRC resources supervises all security and privacy-related business operations.
Has Docker’s security program been SOC 2 audited by a certified third party?
Yes. Docker undergoes annual SOC 2 Type 2 audits.
How can I get a copy of Docker’s SOC 2 report?
Our SOC 2 Type 2 report is available via our Trust Center. Customers can obtain a copy by submitting a request.
What Docker products are in scope for your SOC 2 audits?
The current SOC 2 Type 2 audit report includes Docker Desktop, Hub, Scout, Build Cloud, Testcontainers Cloud, Docker Hardened Images (DHI), and Offload. As new products are introduced, they are evaluated for scoping and inclusion in our audits based on GA release date and the reporting cycle.
Are sub-processors audited?
Docker relies on cloud hosting providers and sub-processors in a shared responsibility model. Their security responsibilities are covered in the cloud hosting provider’s compliance attestations (e.g., SOC 2, ISO 27001, ISO 27701), which Docker reviews annually.
Does the scope of the SOC audit include both public and private registries/repositories?
Yes. All of Docker Hub is in scope, including both public and private repositories.
When did Docker become ISO 27001 and ISO 27701 certified?
Docker first achieved ISO 27001 certification in April 2024 and ISO 27701 certification in May 2026. Docker’s ISO 27701 scope and certifying body are as provided by the actual certificate. Our ISO documents are available to customers under NDA on our Trust Center.
Is Docker NIST SP 800-53 certified?
Docker follows NIST standards where applicable, but our alignment is not 100%.
Does Docker perform internal audits?
Yes. Docker has a Governance, Risk, and Compliance team that is responsible for performing internal assessments of Docker’s control environment. The audits are focused on technical and security requirements, as well as compliance with contractual obligations and applicable legislation (i.e., GDPR).
Does Docker give customers audit rights?
Docker does not provide audit rights beyond questionnaires. Our compliance reports, security policy TOCs, and frequently requested security documentation are available to customers on our Trust Center. Customers can submit a documentation request.
Does Docker comply with GDPR, CCPA, and other data privacy laws?
Yes. Due to our worldwide customer base, Docker is subject to many different privacy laws and regulations. Docker complies with leading privacy regulations like GDPR, CCPA, CPA, CTDPA, VCDPA, UCPA, and the APEC Privacy Framework. See our Privacy FAQs for more information.