Finding GitHub's security documents - some helpful tips!

Emmett Jones Community Moderator Vanta Team Member Conversation starter

We get the question from customers, "I can't access GitHub's SOC 2 because I am not a GitHub Enterprise customer, does that mean I need to upgrade my GitHub account?"

Thankfully, No!  You have a few options you can reference as part of your Vendor review and documentation for GitHub:



  • Comment author
    Shannon Idea generator Vanta Team Member Conversation starter
    • Official comment

    Hi Jonathan Palumbo!

    This is a great question - it looks like it can be found in a few places: 

    From Github: Our newly available ISO/IEC 27001:2013 Certification report can be downloaded now.

    • For enterprises, administrators may download this report by navigating to the Compliance tab of the enterprise account:"your-enterprise"/settings/compliance.
    • For organizations, owners may find these reports under 'Security' > Authentication Security settings tab of their organization:"your-org"/settings/security.
    • For everyone else, you may download this report at any time by navigating to the GitHub security page,


    If you access the link referenced above from Emmett Jones, if you scroll down to the bottom of the page, you have the option to view the different certificates. (It's about midway down the page:

    Feel free to reach out if you still run into issues! 

  • Comment author
    Shannon Idea generator Vanta Team Member Conversation starter
    • Edited

    This is excellent advice, Emmett Jones. The customer success team is always looking out for our customers! 🔥💜

  • Comment author
    Jonathan Palumbo Conversation starter

    I don't see the ISO Certificate on that page. Could you point me to where it is exactly?


Please sign in to leave a comment.