Finding GitHub's security documents - some helpful tips!

Emmett Jones Community Moderator Vanta Team Member Conversation starter

We get the question from customers, "I can't access GitHub's SOC 2 because I am not a GitHub Enterprise customer, does that mean I need to upgrade my GitHub account?"

Thankfully, No!  You have a few options you can reference as part of your Vendor review and documentation for GitHub:

Comments

3 comments

  • Comment author
    Shannon Idea generator Vanta Team Member Conversation starter
    • Official comment

    Hi Jonathan Palumbo!

    This is a great question - it looks like it can be found in a few places: 

    From Github: Our newly available ISO/IEC 27001:2013 Certification report can be downloaded now.

    • For enterprises, administrators may download this report by navigating to the Compliance tab of the enterprise account: https://github.com/enterprises/"your-enterprise"/settings/compliance.
    • For organizations, owners may find these reports under 'Security' > Authentication Security settings tab of their organization: https://github.com/organizations/"your-org"/settings/security.
    • For everyone else, you may download this report at any time by navigating to the GitHub security page, https://github.com/security.

     

    If you access the link referenced above from @..., if you scroll down to the bottom of the page, you have the option to view the different certificates. (It's about midway down the page: https://github.com/security.)

    Feel free to reach out if you still run into issues! 

  • Comment author
    Shannon Idea generator Vanta Team Member Conversation starter
    • Edited

    This is excellent advice, @.... The customer success team is always looking out for our customers! 🔥💜

    0
  • Comment author
    Jonathan Palumbo Conversation starter

    I don't see the ISO Certificate on that page. Could you point me to where it is exactly?

    0

Please sign in to leave a comment.