// Trust & Security Report
CrowdStrike Holdings, Inc.
Falcon Platform — unified AI-native cybersecurity suite spanning next-gen endpoint protection (antivirus, EDR, device control, firewall, IT hygiene), next-gen SIEM, identity security (ITDR, PAM, SaaS identity), cloud security (infrastructure, apps, data, AI models), and managed detection & response (MDR). All modules share a common agent and cloud-native architecture.
Certifications held
18
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on crowdstrike.com“SOC 2 Type 2 reports addressing security, availability, processing integrity, confidentiality, or privacy”
Verify on trust.crowdstrike.com“SOC 2 Type I Report for The CrowdStrike Forensic Lab”
Verify on crowdstrike.com“independently assessed and certified to the new ISO/IEC 27001:2022 standard, reflecting the company's commitment to safeguarding information, managing risks effectively, and adhering to global security standards”
Verify on crowdstrike.com“The updated ISO/IEC 27001:2022 Certification includes ISO/IEC 27017:2015, which provides cloud-specific guidance”
Verify on crowdstrike.com“commitment to AI development practices that are trustworthy, transparent, and aligned with international best practices”
Verify on trust.crowdstrike.com“ISO 22301:2019 certification listed in trust center certifications”
Verify on crowdstrike.com“Falcon platform's functionality with respect to PCI DSS v4, which meets all elements of requirement No. 5: Protect all systems against malware and regularly update antivirus software or programs”
Verify on crowdstrike.com“CrowdStrike adheres to the EU's and UK's General Data Protection Regulation requirements for the proper handling of personal information. Additionally, CrowdStrike is certified under the EU-U.S. Data Privacy Framework, the UK Extension to it, and the Swiss-U.S. Data Privacy Framework”
Verify on crowdstrike.com“The Falcon platform was verified as addressing eight key Health Insurance Portability and Accountability Act (HIPAA) technical requirements and has been independently validated to assist healthcare organizations in achieving HIPAA compliance”
Verify on crowdstrike.com“CrowdStrike Falcon Platform Earns FedRAMP High Authorization, with Falcon platform available to U.S. federal agencies, public sector organizations, the Defense Industrial Base and critical infrastructure entities”
Verify on crowdstrike.com“Granted Provisional Authorizations by the DISA for Impact Level 5 operations”
Verify on crowdstrike.com“CSA STAR (Levels 1 & 2) - Achieves both certification levels including third-party independent audit”
Verify on crowdstrike.com“UK Cyber Essentials certification held with independent assessment validation”
Verify on crowdstrike.com“Spain ENS High (EDR) - only modern endpoint security platform with the highest achievable level of accreditation”
Verify on trust.crowdstrike.com“GovRAMP certification listed in trust center certifications”
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Multiple geographic regions with data processing agreements and appropriate safeguards; compliant with GDPR adequacy requirements and US-EU/Swiss Data Privacy Frameworks
CrowdStrike employs Privacy-by-Design principles and uses synthetic data to train AI models rather than customer data. Privacy notice explicitly states: 'This Notice does not apply to the information our customers upload or provide to us when they use our Offerings,' with separate Data Protection Agreement governing customer data handling. Platform includes capabilities to detect and prevent movement of sensitive data to AI training systems (Amazon Bedrock, SageMaker).
// Security controls
Encryption in Transit
Data protected with encryption; specific protocols documented in Data Protection Agreement and security assessments
crowdstrike.comData Retention
Customer Personal Data deleted within 90 days of service deprovisioning unless retention required by law or agreement
crowdstrike.comData Discovery & Classification
Cloud data classification and visibility without proxies or added infrastructure via eBPF sensors
crowdstrike.comRuntime Data Monitoring
Monitors sensitive data in motion across APIs, cloud services, and applications to detect risky movement and exfiltration in real time
crowdstrike.comGenAI Data Protection
Detects movement of sensitive data to GenAI tools, APIs, and model training (Amazon Bedrock, SageMaker) with automated response integration
crowdstrike.com// Products & data scope
data: Endpoint telemetry, process execution, network connections, file activity
Includes antivirus, device control, mobile protection, firewall management, threat hunting, IT hygiene. SOC 2 Type II, ISO 27001, PCI DSS v4, HIPAA validated, FedRAMP High certified.
data: Log aggregation from endpoints, cloud, identity, SaaS; correlates cross-domain detections
AI-native SIEM engine optimized for speed and automation. Supports compliance reporting (NIST, GDPR, HIPAA). Part of Falcon Platform unified architecture.
data: Identity events, authentication logs, privilege escalation, SaaS identity, AI agent identity
Unified security for human, non-human, AI identities and SaaS. ITDR, PAM, SaaS identity security modules. ISO 27001, PCI DSS, HIPAA compliant.
data: Cloud infrastructure (AWS, Azure, GCP), container/Kubernetes, AI model scanning, data classification, API security
Agentless cloud workload protection with AI model scanning and security dashboards. ISO 27017, ISO 27001, HIPAA, PCI DSS compliant.
data: 24/7 expert-led monitoring of endpoint, cloud, identity, and SaaS security events
Fully managed service combining Falcon Platform telemetry with human expert analysis. Includes breach prevention warranty. FedRAMP High, SOC 2 Type II.
data: Connected devices, operational technology network traffic, industrial control systems
Extended IoT and OT security. FedRAMP High authorized. Serves federal agencies and critical infrastructure.
data: Aggregated security telemetry from all Falcon modules for agentic investigation and response
Agentic workflow automation for SOC operations. FedRAMP High authorized as of 2026. ISO 42001 (AI governance) certified.
// At a glance
Pricing model
Per-device annual or monthly subscriptions (Falcon Go $59.99, Pro $99.99, Enterprise $184.99 per device annually; Falcon Complete pricing on contract basis)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on CrowdStrike Holdings, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.crowdstrike.com