Trust Center

Confluent recognizes that for our customers and prospects, the due diligence process can be complex and time consuming. To simplify this, we are pleased to announce the availability of new ‘Ask AI’ feature within the Confluent Trust Center. Developed and powered by SafeBase platform (Now Drata), which hosts our Trust Center, this intelligent assistant is designed to provide fast, well-grounded answers to your security and compliance questions.

How ‘Ask AI’ Accelerates Your Trust Journey

Whether you are an existing customer renewing your risk assessment or a prospect evaluating Confluent Cloud for the first time, ‘Ask AI’ helps you move faster:

• Fast Answers to Complex Questions: To simplify a 20-page audit report, simply ask: “How do you handle data encryption at rest?” or “What is your sub-processor review process?”
• Context-Aware Compliance: Ask about specific certifications (e.g., “Is Confluent HIPAA compliant?”) and receive not just a "yes," but a summary of the relevant controls and links to the supporting documentation.
• 24/7 Self-Service Due Diligence: Speed up your internal security reviews by getting verified answers in seconds, reducing the need for back-and-forth emails with our security team.
• Grounded in Truth: The feature only uses our verified, official documentation available on Trust Center to generate answers. Our security team regularly audits Trust Center content and documentation to ensure accuracy and alignment with our latest certifications.

How to Access ‘Ask AI’

‘Ask AI’ is now available to our customers and prospects who have an account on the Confluent Trust Center.

• Visit the Trust Center: Navigate and login to your account on our Trust Center portal.
• Locate ‘AskAI’: Look for the ‘Ask AI’ toggle on the search bar at the top of the page.
• Start Asking: Type your question and get the curated response.

Continuing Our Commitment to Transparency

By putting Confluent’s security information at your fingertips, we empower our customers to use Confluent with confidence, and we invite you to explore the new feature today. Look for the ‘Ask AI’ toggle to get started.

We are pleased to announce that Confluent Cloud has successfully completed the Information Security Registered Assessors Program (IRAP) assessment at the PROTECTED level.

This milestone reinforces our commitment to providing Australian government agencies and highly regulated organizations with a secure, cloud-native foundation for data-in-motion.

What This Means for Our Customers and Prospects

The IRAP assessment is an Australian government initiative administered by the Australian Signals Directorate (ASD). It provides a framework for an independent, third-party assessment of the security of a system against the requirements of the Australian Government Information Security Manual (ISM).

For Government Agencies:

• Unblock Mission-Critical Workloads: With the PROTECTED level assessment, agencies can now move sensitive workloads to Confluent Cloud with the confidence that the platform meets the rigorous technical and operational safeguards required by the Australian Government.

• Accelerate Digital Transformation: This assessment removes the "compliance bottleneck," allowing departments to focus on building modern, real-time citizen services.

For Enterprise & Regulated Industries:

• Gold-Standard Validation: The IRAP PROTECTED assessment serves as a powerful benchmark of security maturity, particularly for Financial Services and Critical Infrastructure providers who look to the ISM for best practices.

• Immediate Risk Validation: By leveraging our IRAP documentation, your risk and compliance teams can validate Confluent’s security posture on-demand.

Access the IRAP 2025 Reports

The IRAP Letter of Compliance is available now for all registered Trust Center users.

• Existing Users: Simply log in and navigate to the IRAP under "Compliance" section to download the IRAP 2025 Summary Letter of Compliance.

• New Users: Create a profile today to request access to our security documentation

We encourage you to review these documents to better understand how Confluent is constantly working to earn and maintain your trust.

Confluent is dedicated to maintaining the highest standards of security, compliance, and operational integrity. We are pleased to announce the successful completion of our latest audit cycles and the renewal of critical compliance certifications - SOC 1, SOC 2 and HIPAA - reinforcing our commitment to our customers globally.

📋 SOC 1 and SOC 2 Audit Report Availability
We have successfully completed our latest audit cycle for our SOC 1 Type 2 and SOC 2 Type 2 reports, covering the operational period from April 1, 2025, to September 30, 2025.

SOC 1 (Internal Controls over Financial Reporting): Essential for our customers performing audits of their internal controls over financial reporting.

SOC 2 (Security, Availability, and Confidentiality Trust Services Criteria): Provides assurance regarding the design and operating effectiveness of Confluent's controls relevant to the AICPA Trust Services Criteria.

These reports are now available to current customers and prospects on our Trust Center under a signed Non-Disclosure Agreement (NDA).

⚕️ HIPAA Compliance Renewal
Confluent has successfully completed the annual review and renewal of our compliance with the Health Insurance Portability and Accountability Act (HIPAA.

This renewal affirms that Confluent maintains the necessary administrative, physical, and technical safeguards to protect the privacy and security of Protected Health Information (PHI) processed through our platform. This commitment is vital for our healthcare and life sciences customers who rely on Confluent for secure and compliant data streaming solutions.

WCAG / VPAT Accessibility Conformance Report Update for Confluent Cloud
An updated Confluent Cloud Accessibility Conformance Report (WCAG/VPAT) is now available on Confluent’s Trust Center. Based on VPAT v2.5, it documents Confluent Cloud’s alignment to WCAG 2.x, including conformance levels and evaluation methods, to support accessibility due diligence in procurement and vendor risk reviews. Confluent Cloud customers with a Trust Center account may access the report here.

Confluent remains steadfast in its investment in security and compliance to ensure our platform is the trusted foundation for real-time data for all our customers, across every sector and region.

For further information or to request supporting documentation, please visit our Trust Center.

We are excited to announce that Confluent has been awarded the CSA STAR Level 2 Certification for Confluent Cloud. This significant achievement is a testament to our ongoing commitment to transparency and robust security practices for cloud computing.

The Cloud Security Alliance (CSA) STAR (Security, Trust, Assurance and Risk) program is a globally recognized framework that provides an independent, third-party assessment of a cloud service provider's security and privacy controls.

Achieving Level 2 Certification is a rigorous process that involves a comprehensive audit of our security controls against the CSA Cloud Controls Matrix (CCM). This certification demonstrates that Confluent has:

• Undergone a thorough, independent third-party audit of our security posture.
• Aligned our security practices with the industry-leading controls and best practices outlined in the CSA CCM.
• Maintained a high level of security maturity across a wide range of domains, including security and risk management, incident response, data security, and access control.
• Showcased our commitment to transparency by publishing our security assessment results on the publicly accessible CSA STAR Registry.

This certification complements our existing ISO 27001 certification and further validates our efforts to provide a secure and trustworthy data streaming platform. It offers an additional layer of assurance and demonstrates our dedication to meeting the complex security needs of our customers.

Our public listing on CSA STAR Registry will be available in a few weeks.

Thank you for trusting Confluent to secure your data.

At Confluent, the security of our customers' data and the reliability of our platform are paramount. We are proud to announce that Confluent has successfully achieved the Cyber Essentials Plus certification, the highest level of assurance offered under the UK government-backed Cyber Essentials scheme.

What is Cyber Essentials Plus?

Cyber Essentials Plus is a comprehensive, independently audited program that goes beyond a self-assessment. To achieve this certification, Confluent underwent a rigorous technical examination of our systems by an accredited third-party assessor.

In order achieve Cyber Essentials plus organisations must hold a valid Cyber Essentials certificate which Confluent currently holds.

Cyber Essentials helps organisations stay safe by ensuring following 5 technical controls are in place:

• Secure configuration of our hardware and software.
• Boundary firewalls and internet gateways to control access.
• Access control mechanisms to manage user privileges.
• Malware protection to defend against viruses and spyware.
• Patch management to ensure systems are up-to-date and protected against known vulnerabilities.

What This Means for Our Customers

This certification provides concrete, verifiable evidence of our strong security posture and operational excellence:

• Defense Against Common Threats: It confirms that we have implemented the critical technical controls necessary to defend against the vast majority of commodity cyber attacks.
• Operational Maturity: It validates our processes for secure configuration, access control, patch management, and malware protection are not just documented, but effectively enforced across our environment.
• Heightened Assurance: For customers, particularly those operating with governmental or stringent regulatory requirements, Cyber Essentials Plus offers a powerful layer of trust and assurance in the security of the Confluent platform.

Significance for UK Public Sector
For our current and prospective customers across the UK Public Sector (including central government, the NHS, and local authorities), this certification is particularly important:

• Contract Requirement: Achieving Cyber Essentials Plus demonstrates compliance with the UK government's requirements for suppliers bidding for and managing contracts that involve handling official government data, citizen personal information, or providing certain IT services.
• Mitigating Supply Chain Risk: It provides Public Sector procurement teams with the highest level of confidence that Confluent meets the necessary baseline cyber hygiene to reduce supply chain risk, in line with the government's security mandates.
• Accelerated Trust: It serves as a recognized, audited standard that accelerates the due diligence process, ensuring we can partner quickly and securely to help government bodies stream their data in real-time.

Accessing the document:
You can download a copy of our Cyber Essential certificate directly from our Trust Center here.

We are committed to providing the UK public sector with a secure and compliant platform to power real-time data streaming and innovation.

For detailed information regarding our full range of security and compliance certifications, please visit Confluent Trust Center, or contact your Confluent account representative.