
OneLogin Compliance Commitment

As a security-first company, data and privacy protection are our #1 priority.

ISO 27017:2015

The ISO 27017:2015 standard provides guidance to both cloud service providers and consumers of these services in the form of objectives, controls, and guidelines. OneLogin aligned its existing security controls to be compliant with this standard in order to augment its security program. These controls are tested as part of the periodic SOC 2 Type 2 report, and an independent body has audited our compliance with this standard as part of our ISO 27001:2013 certificate annual audits.

What’s the primary purpose of this initiative?

The ISO 27017:2015 standard provides guidance to both cloud service providers and consumers of these services in the form of objectives, controls, and guidelines. Alignment with this standard provides additional assurance of the adequacy of OneLogin’s Security Program.

What’s the scope?

OneLogin’s Security Program and its alignment with recommended objectives, controls, and guidelines.

How often are you evaluated/audited?

The ISO 27017:2015 controls are tested as part of the periodic SOC 2 Type 2 Report Audits and our ISO 27001:2013 Certification audits.

Who is the primary audience?

Customers and relevant third parties with a business need.

Responsible Disclosures

We take security seriously at OneLogin. As part of our ongoing commitment to provide a best-in-class cloud service, we leverage independent third parties to help us strengthen our security. If you think you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Report a vulnerability or view our Security Hall of Fame

Are you a Security Researcher?

We are always looking for talented individuals with security experience.