Trust Center

Confluent is pleased to announce the successful renewal of our Payment Card Industry Data Security Standard (PCI DSS) compliance. Protecting the integrity of the data streaming through our platform is a cornerstone of our partnership with you, and this renewal reinforces our commitment to maintaining a secure environment for sensitive financial information.

The new Attestation of Compliance (AOC) is now officially available for review within the Confluent Trust Center.

What This Means for You

PCI DSS is the global gold standard for technical and operational requirements designed to protect cardholder data. For organizations leveraging Confluent Cloud to process, store, or transmit encrypted cardholder data, our PCI DSS compliance provides assurance that our infrastructure meets the stringent security controls required by the PCI Security Standards Council (PCI SSC).

Accessing the New AOC

You can access the updated compliance documentation via the Compliance section of the Trust Center.

• Login to the Confluent Trust Center.
• Navigate to the "PCI DSS" card under the Compliance tab.
• Download the latest Attestation of Compliance (AOC) and Shared Responsibility Model

Note: Access to this compliance report requires an active Confluent Trust Center account and the acceptance of a standard Non-Disclosure Agreement (NDA).

At Confluent, security is not a point-in-time event. We continuously monitor our environments to ensure adherence to our security policies and global standards. In addition to PCI DSS, Confluent maintains certifications for SOC 1/2/3, ISO 27001, 27017, 27018, and HIPAA readiness to support customer needs.

Confluent recognizes that for our customers and prospects, the due diligence process can be complex and time consuming. To simplify this, we are pleased to announce the availability of new ‘Ask AI’ feature within the Confluent Trust Center. Developed and powered by SafeBase platform (Now Drata), which hosts our Trust Center, this intelligent assistant is designed to provide fast, well-grounded answers to your security and compliance questions.

How ‘Ask AI’ Accelerates Your Trust Journey

Whether you are an existing customer renewing your risk assessment or a prospect evaluating Confluent Cloud for the first time, ‘Ask AI’ helps you move faster:

• Fast Answers to Complex Questions: To simplify a 20-page audit report, simply ask: “How do you handle data encryption at rest?” or “What is your sub-processor review process?”
• Context-Aware Compliance: Ask about specific certifications (e.g., “Is Confluent HIPAA compliant?”) and receive not just a "yes," but a summary of the relevant controls and links to the supporting documentation.
• 24/7 Self-Service Due Diligence: Speed up your internal security reviews by getting verified answers in seconds, reducing the need for back-and-forth emails with our security team.
• Grounded in Truth: The feature only uses our verified, official documentation available on Trust Center to generate answers. Our security team regularly audits Trust Center content and documentation to ensure accuracy and alignment with our latest certifications.

How to Access ‘Ask AI’

‘Ask AI’ is now available to our customers and prospects who have an account on the Confluent Trust Center.

• Visit the Trust Center: Navigate and login to your account on our Trust Center portal.
• Locate ‘AskAI’: Look for the ‘Ask AI’ toggle on the search bar at the top of the page.
• Start Asking: Type your question and get the curated response.

Continuing Our Commitment to Transparency

By putting Confluent’s security information at your fingertips, we empower our customers to use Confluent with confidence, and we invite you to explore the new feature today. Look for the ‘Ask AI’ toggle to get started.

We are pleased to announce that Confluent Cloud has successfully completed the Information Security Registered Assessors Program (IRAP) assessment at the PROTECTED level.

This milestone reinforces our commitment to providing Australian government agencies and highly regulated organizations with a secure, cloud-native foundation for data-in-motion.

What This Means for Our Customers and Prospects

The IRAP assessment is an Australian government initiative administered by the Australian Signals Directorate (ASD). It provides a framework for an independent, third-party assessment of the security of a system against the requirements of the Australian Government Information Security Manual (ISM).

For Government Agencies:

• Unblock Mission-Critical Workloads: With the PROTECTED level assessment, agencies can now move sensitive workloads to Confluent Cloud with the confidence that the platform meets the rigorous technical and operational safeguards required by the Australian Government.

• Accelerate Digital Transformation: This assessment removes the "compliance bottleneck," allowing departments to focus on building modern, real-time citizen services.

For Enterprise & Regulated Industries:

• Gold-Standard Validation: The IRAP PROTECTED assessment serves as a powerful benchmark of security maturity, particularly for Financial Services and Critical Infrastructure providers who look to the ISM for best practices.

• Immediate Risk Validation: By leveraging our IRAP documentation, your risk and compliance teams can validate Confluent’s security posture on-demand.

Access the IRAP 2025 Reports

The IRAP Letter of Compliance is available now for all registered Trust Center users.

• Existing Users: Simply log in and navigate to the IRAP under "Compliance" section to download the IRAP 2025 Summary Letter of Compliance.

• New Users: Create a profile today to request access to our security documentation

We encourage you to review these documents to better understand how Confluent is constantly working to earn and maintain your trust.

Confluent is dedicated to maintaining the highest standards of security, compliance, and operational integrity. We are pleased to announce the successful completion of our latest audit cycles and the renewal of critical compliance certifications - SOC 1, SOC 2 and HIPAA - reinforcing our commitment to our customers globally.

📋 SOC 1 and SOC 2 Audit Report Availability
We have successfully completed our latest audit cycle for our SOC 1 Type 2 and SOC 2 Type 2 reports, covering the operational period from April 1, 2025, to September 30, 2025.

SOC 1 (Internal Controls over Financial Reporting): Essential for our customers performing audits of their internal controls over financial reporting.

SOC 2 (Security, Availability, and Confidentiality Trust Services Criteria): Provides assurance regarding the design and operating effectiveness of Confluent's controls relevant to the AICPA Trust Services Criteria.

These reports are now available to current customers and prospects on our Trust Center under a signed Non-Disclosure Agreement (NDA).

⚕️ HIPAA Compliance Renewal
Confluent has successfully completed the annual review and renewal of our compliance with the Health Insurance Portability and Accountability Act (HIPAA.

This renewal affirms that Confluent maintains the necessary administrative, physical, and technical safeguards to protect the privacy and security of Protected Health Information (PHI) processed through our platform. This commitment is vital for our healthcare and life sciences customers who rely on Confluent for secure and compliant data streaming solutions.

WCAG / VPAT Accessibility Conformance Report Update for Confluent Cloud
An updated Confluent Cloud Accessibility Conformance Report (WCAG/VPAT) is now available on Confluent’s Trust Center. Based on VPAT v2.5, it documents Confluent Cloud’s alignment to WCAG 2.x, including conformance levels and evaluation methods, to support accessibility due diligence in procurement and vendor risk reviews. Confluent Cloud customers with a Trust Center account may access the report here.

Confluent remains steadfast in its investment in security and compliance to ensure our platform is the trusted foundation for real-time data for all our customers, across every sector and region.

For further information or to request supporting documentation, please visit our Trust Center.

We are excited to announce that Confluent has been awarded the CSA STAR Level 2 Certification for Confluent Cloud. This significant achievement is a testament to our ongoing commitment to transparency and robust security practices for cloud computing.

The Cloud Security Alliance (CSA) STAR (Security, Trust, Assurance and Risk) program is a globally recognized framework that provides an independent, third-party assessment of a cloud service provider's security and privacy controls.

Achieving Level 2 Certification is a rigorous process that involves a comprehensive audit of our security controls against the CSA Cloud Controls Matrix (CCM). This certification demonstrates that Confluent has:

• Undergone a thorough, independent third-party audit of our security posture.
• Aligned our security practices with the industry-leading controls and best practices outlined in the CSA CCM.
• Maintained a high level of security maturity across a wide range of domains, including security and risk management, incident response, data security, and access control.
• Showcased our commitment to transparency by publishing our security assessment results on the publicly accessible CSA STAR Registry.

This certification complements our existing ISO 27001 certification and further validates our efforts to provide a secure and trustworthy data streaming platform. It offers an additional layer of assurance and demonstrates our dedication to meeting the complex security needs of our customers.

Our public listing on CSA STAR Registry will be available in a few weeks.

Thank you for trusting Confluent to secure your data.