CommunityDevOps ExchangePartners

Enterprise-Grade Security for Your Salesforce Development

Copado protects your deployments and testing with an ironclad security framework, internal and external audits, penetration testing and a team of cybersecurity experts. Discover our enterprise-grade security policies, procedures and controls.


Security and Compliance

Control Environment

  • Copado maintains ISO 27001 and SOC 2 Type 2 certification and attestation examinations, performed annually by an independent audit firm.
  • Copado is FedRAMP® Authorized, visit the FedRAMP Marketplace to learn more about our FedRAMP Moderate GovCloud product.
  • We undergo annual third party penetration testing.
  • We have a dedicated Security Compliance team that implements and monitors our security framework and controls.
  • The Copado security framework consists of policies, procedures and controls that align to ISO 27001, SOC 2, FedRAMP and GDPR and other privacy requirements.
  • We utilize third-party, cloud-based data centers, which maintain network architecture and data layer controls that meet the requirements of the most security-sensitive organizations.
  • Our employees attend security awareness training upon hire and annually, and are required to adhere to the Copado code of conduct.
  • Annual risk assessments are performed to ensure we are addressing current as well as emerging risks.
  • We follow change management procedures for all changes to the organization and the Copado platform.

Physical Security

Our third party cloud data centers have the highest standards for data privacy and security. Controls are in place at the perimeter, infrastructure, and environmental layers to ensure strong physical protection, and are audited regularly to ensure they comply with various security certifications and standards. In addition, Copado reviews these security certifications annually to ensure standards are properly maintained. 

The data centers have several security-related certifications, including ISO 27001, SOC 2, FedRAMP, HIPAA, NIST, and several others.

Application and Network Security

  • All software releases and new features are reviewed and tested before release, according to our change management procedures.
  • Our testing and staging environments are separate from production environments, and no actual customer data is ever used for testing.
  • We have automated vulnerability scans that run at regular intervals, and are addressed according to our vulnerability management process.
  • Automated monitoring, logging, and system alerts are in place.
  • We control our role based, least privilege system access (including granting and revoking), and formally review all admins and users quarterly.


Customer data is encrypted in transit and at rest, and within our databases.


  • We perform regular backups of data, and backup testing is performed annually.
  • We maintain documented incident response and disaster recovery policies and procedures, and testing as well as team training is performed annually.

Downloadable Reports

SOC 2 Type 2 Report

Restricted use report that describes the systems and security and confidentiality controls that are in place to protect data.

Download Now
ISO 27001 Certificate

Certificate that was obtained through a third party audit against the international security standard relating to managing information security.

Download Now

Get Better Security

For anonymous Security or Privacy comments, questions or complaints, you may call our toll free telephone number: 1-(888) 210-4282

For any other questions, contact us here.