We get the question from customers, "I can't access GitHub's SOC 2 because I am not a GitHub Enterprise customer, does that mean I need to upgrade my GitHub account?"
Thankfully, No! You have a few options you can reference as part of your Vendor review and documentation for GitHub:
- GitHub's SOC3 (a redacted version of a SOC2)
- GitHub's ISO27001 certificate
- You can find it all here: https://github.com/security