// Trust & Security Report

    CrowdStrike Holdings, Inc. logo

    CrowdStrike Holdings, Inc.

    Falcon Platform — unified AI-native cybersecurity suite spanning next-gen endpoint protection (antivirus, EDR, device control, firewall, IT hygiene), next-gen SIEM, identity security (ITDR, PAM, SaaS identity), cloud security (infrastructure, apps, data, AI models), and managed detection & response (MDR). All modules share a common agent and cloud-native architecture.

    Certifications held

    18

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    SOC 2 Type 2 reports addressing security, availability, processing integrity, confidentiality, or privacy

    Verify on crowdstrike.com
    SOC 2 Type I
    HELD

    SOC 2 Type I Report for The CrowdStrike Forensic Lab

    Verify on trust.crowdstrike.com
    ISO/IEC 27001:2022
    HELD

    independently assessed and certified to the new ISO/IEC 27001:2022 standard, reflecting the company's commitment to safeguarding information, managing risks effectively, and adhering to global security standards

    Verify on crowdstrike.com
    ISO/IEC 27017:2015
    HELD

    The updated ISO/IEC 27001:2022 Certification includes ISO/IEC 27017:2015, which provides cloud-specific guidance

    Verify on crowdstrike.com
    ISO/IEC 42001:2023
    HELD

    commitment to AI development practices that are trustworthy, transparent, and aligned with international best practices

    Verify on crowdstrike.com
    ISO 22301:2019
    HELD

    ISO 22301:2019 certification listed in trust center certifications

    Verify on trust.crowdstrike.com
    PCI DSS v4.0.1
    HELD

    Falcon platform's functionality with respect to PCI DSS v4, which meets all elements of requirement No. 5: Protect all systems against malware and regularly update antivirus software or programs

    Verify on crowdstrike.com
    GDPR
    HELD

    CrowdStrike adheres to the EU's and UK's General Data Protection Regulation requirements for the proper handling of personal information. Additionally, CrowdStrike is certified under the EU-U.S. Data Privacy Framework, the UK Extension to it, and the Swiss-U.S. Data Privacy Framework

    Verify on crowdstrike.com
    HIPAA
    HELD

    The Falcon platform was verified as addressing eight key Health Insurance Portability and Accountability Act (HIPAA) technical requirements and has been independently validated to assist healthcare organizations in achieving HIPAA compliance

    Verify on crowdstrike.com
    FedRAMP High
    HELD

    CrowdStrike Falcon Platform Earns FedRAMP High Authorization, with Falcon platform available to U.S. federal agencies, public sector organizations, the Defense Industrial Base and critical infrastructure entities

    Verify on crowdstrike.com
    DoD Impact Level 5
    HELD

    Granted Provisional Authorizations by the DISA for Impact Level 5 operations

    Verify on crowdstrike.com
    CSA STAR Level 2
    HELD

    CSA STAR (Levels 1 & 2) - Achieves both certification levels including third-party independent audit

    Verify on crowdstrike.com
    Cyber Essentials
    HELD

    UK Cyber Essentials certification held with independent assessment validation

    Verify on crowdstrike.com
    DORA
    HELD

    DORA certification listed in trust center certifications

    Verify on trust.crowdstrike.com
    ENS High (Spain)
    HELD

    Spain ENS High (EDR) - only modern endpoint security platform with the highest achievable level of accreditation

    Verify on crowdstrike.com
    TISAX
    HELD

    TISAX certification held with independent assessment validation

    Verify on crowdstrike.com
    C5
    HELD

    C5 certification listed in trust center certifications

    Verify on trust.crowdstrike.com
    GovRAMP
    HELD

    GovRAMP certification listed in trust center certifications

    Verify on trust.crowdstrike.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Multiple geographic regions with data processing agreements and appropriate safeguards; compliant with GDPR adequacy requirements and US-EU/Swiss Data Privacy Frameworks

    CrowdStrike employs Privacy-by-Design principles and uses synthetic data to train AI models rather than customer data. Privacy notice explicitly states: 'This Notice does not apply to the information our customers upload or provide to us when they use our Offerings,' with separate Data Protection Agreement governing customer data handling. Platform includes capabilities to detect and prevent movement of sensitive data to AI training systems (Amazon Bedrock, SageMaker).

    // Security controls

    Encryption in Transit

    Data protected with encryption; specific protocols documented in Data Protection Agreement and security assessments

    crowdstrike.com

    Data Retention

    Customer Personal Data deleted within 90 days of service deprovisioning unless retention required by law or agreement

    crowdstrike.com

    Data Discovery & Classification

    Cloud data classification and visibility without proxies or added infrastructure via eBPF sensors

    crowdstrike.com

    Runtime Data Monitoring

    Monitors sensitive data in motion across APIs, cloud services, and applications to detect risky movement and exfiltration in real time

    crowdstrike.com

    GenAI Data Protection

    Detects movement of sensitive data to GenAI tools, APIs, and model training (Amazon Bedrock, SageMaker) with automated response integration

    crowdstrike.com

    // Products & data scope

    Falcon Next-Gen Endpoint Protection (Go, Pro, Enterprise tiers)Endpoint Detection & Response (EDR)

    data: Endpoint telemetry, process execution, network connections, file activity

    Includes antivirus, device control, mobile protection, firewall management, threat hunting, IT hygiene. SOC 2 Type II, ISO 27001, PCI DSS v4, HIPAA validated, FedRAMP High certified.

    Falcon Next-Gen SIEMSecurity Information & Event Management

    data: Log aggregation from endpoints, cloud, identity, SaaS; correlates cross-domain detections

    AI-native SIEM engine optimized for speed and automation. Supports compliance reporting (NIST, GDPR, HIPAA). Part of Falcon Platform unified architecture.

    Falcon Next-Gen Identity SecurityIdentity & Access Management

    data: Identity events, authentication logs, privilege escalation, SaaS identity, AI agent identity

    Unified security for human, non-human, AI identities and SaaS. ITDR, PAM, SaaS identity security modules. ISO 27001, PCI DSS, HIPAA compliant.

    Falcon Cloud SecurityCloud Infrastructure & Data Security

    data: Cloud infrastructure (AWS, Azure, GCP), container/Kubernetes, AI model scanning, data classification, API security

    Agentless cloud workload protection with AI model scanning and security dashboards. ISO 27017, ISO 27001, HIPAA, PCI DSS compliant.

    Falcon Complete Next-Gen MDRManaged Detection & Response

    data: 24/7 expert-led monitoring of endpoint, cloud, identity, and SaaS security events

    Fully managed service combining Falcon Platform telemetry with human expert analysis. Includes breach prevention warranty. FedRAMP High, SOC 2 Type II.

    Falcon for XIoT & OT SecurityIoT & Operational Technology Security

    data: Connected devices, operational technology network traffic, industrial control systems

    Extended IoT and OT security. FedRAMP High authorized. Serves federal agencies and critical infrastructure.

    Charlotte AIAI-native Agentic SOC

    data: Aggregated security telemetry from all Falcon modules for agentic investigation and response

    Agentic workflow automation for SOC operations. FedRAMP High authorized as of 2026. ISO 42001 (AI governance) certified.

    // At a glance

    Pricing model

    Per-device annual or monthly subscriptions (Falcon Go $59.99, Pro $99.99, Enterprise $184.99 per device annually; Falcon Complete pricing on contract basis)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on CrowdStrike Holdings, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.crowdstrike.com

    > Browse all vendor trust reports