// Trust & Security Report
Wiz Inc. (subsidiary of Alphabet Inc. / Google Cloud, acquired March 2026)
Cloud-Native Application Protection Platform (CNAPP) combining Cloud Security Posture Management (CSPM), Cloud Infrastructure Entitlement Management (CIEM), Data Security Posture Management (DSPM), vulnerability management, container/Kubernetes security, runtime protection, and AI Security Posture Management (AI-SPM). Multi-cloud enabled for AWS, Azure, GCP, OCI.
Certifications held
18
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.wiz.io“SOC 2 Type II audit demonstrating compliance with HIPAA/HITECH requirements. Third-party oversight of organization-wide security and privacy programs.”
Verify on trust.wiz.io“ISO 27001 certification audited on annual basis against industry standards. Information Security Management System (ISMS) standard.”
Verify on trust.wiz.io“ISO 27017 cloud security standard audited annually. Cloud-specific security controls and shared responsibility model.”
Verify on trust.wiz.io“ISO 27018 personal data protection in cloud standard audited annually. 24 additional privacy-specific controls for cloud service providers.”
Verify on trust.wiz.io“ISO 27701 privacy information management system (PIMS) standard audited annually. Extends ISO 27001 with privacy-specific requirements.”
Verify on trust.wiz.io“PCI DSS v4.0.1 Attestation of Compliance (AOC) and Report on Compliance (ROC) in trust center. Payment Card Industry Data Security Standard.”
Verify on wiz.io“Wiz for Government is FedRAMP High Authorized. Meets U.S. government standards for handling FISMA high impact sensitive but unclassified data. Upgraded from FedRAMP Moderate in 2025.”
Verify on cloudsecurityalliance.org“STAR Level 1 (self-assessment). CAIQ Self-assessment v4.0.3 completed April 23, 2025. Assessment marked as deprecated (not renewed within required timeframe).”
Verify on trust.wiz.io“HIPAA compliance verified through SOC 2 Type II audit with HIPAA/HITECH scope. Health Insurance Portability and Accountability Act compliance.”
Verify on trust.wiz.io“CCPA compliance framework included in trust center certifications and continuous compliance coverage.”
Verify on trust.wiz.io“GovRAMP certification available in trust center for government sector customers.”
Verify on trust.wiz.io“Texas-specific RAMP (Risk Assessment and Management Program) certification in trust center.”
Verify on trust.wiz.io“Information Security Registered Assessors Program (IRAP) certification for Australian government use.”
Verify on wiz.io“Wiz offers continuous, audit-ready compliance with GDPR framework. Article 28 DPA agreements available. Data processing agreements in place for GDPR compliance.”
Verify on trust.wiz.io“EcoVadis rating October 2025 - Committed status. Environmental, social, and governance assessment.”
Verify on trust.wiz.io“CPSTIC Service High certification for cloud security in France.”
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Multi-region support with data residency controls. Regional data processing available for compliance with GDPR, HIPAA, and other regulatory frameworks. Specific regions available per customer agreement.
Wiz does not train on customer data. The platform applies best available models for security analysis. Wiz includes AI-SPM (AI Security Posture Management) for securing AI workloads. For integrations using the Wiz MCP Server, customers should review Google Cloud's data handling policies. Wiz focuses on privacy-first AI implementation with strict data governance for AI models and agents.
// Security controls
Encryption in transit
TLS/SSL encryption for all data transmission. Network security controls across multi-cloud environments.
trust.wiz.ioEncryption at rest
Cloud-native encryption at rest. Data encrypted in cloud storage (AWS S3, Azure Blob, GCP Cloud Storage) using provider-native encryption.
trust.wiz.ioVulnerability management
Continuous vulnerability scanning and management integrated into CNAPP. Attack path analysis to identify exploitable risks.
wiz.ioPenetration testing
Third-party penetration test reports and red team assessments available in trust center. Annual recurring assessments.
trust.wiz.ioData security posture management
DSPM module for continuous discovery and classification of sensitive data (PII, secrets, IP). Data loss prevention and governance controls.
wiz.ioRuntime protection
eBPF-based runtime sensor for real-time threat detection and response. Cloud and AI runtime security.
wiz.ioIdentity and access management
CIEM module for cloud infrastructure entitlement management. Least privilege access control and identity governance.
wiz.ioIncident response
Wiz Red agent for automated penetration testing and attack path discovery. Wiz Blue agent for threat hunting and investigation.
wiz.io// Products & data scope
data: Multi-cloud: AWS, Azure, GCP, Oracle Cloud. Code, cloud infrastructure, runtime, and AI workloads.
Core unified platform combining CSPM, CIEM, DSPM, vulnerability management, container security, and runtime protection. Agentless scanning. Graph-based context engine for attack path analysis.
data: U.S. government workloads. Handles FISMA high impact sensitive but unclassified data.
FedRAMP High authorized product. Includes DSPM module. Designed for federal agencies and contractors. Available on AWS, with government-specific compliance controls.
data: AI models, agents, training data, vector databases, MCP servers, and AI-related cloud infrastructure.
Discovers AI models, agents, and services. Identifies AI-specific risks: guardrails, data exposure, exposed endpoints. Maps data access for models and agents. Privacy-first AI governance.
data: Code repositories, CI/CD pipelines, infrastructure as code.
AI-powered agent that automatically opens PRs to fix identified security issues at the source. Secure development workflow integration.
data: Cloud environments, network paths, IAM configurations.
Automated penetration testing and attack path discovery. Discovers lateral movement and privilege escalation paths.
data: Cloud logs, runtime events, security findings.
Automated threat hunting, investigation, and validation. Prioritizes real threats vs. noise.
// What to watch
- ACQUISITION: Wiz was acquired by Google Cloud and completed the acquisition on March 11, 2026. Privacy policy now redirects to Google Cloud's cloud acquisitions privacy notice. Product remains multi-cloud independent and not GCP-exclusive, but long-term positioning under Google should be monitored.
- CSA STAR DEPRECATION: CSA STAR Level 1 self-assessment from April 2025 is marked as deprecated (not renewed within required timeframe). Wiz may be planning to pursue higher STAR certification levels or has deprioritized STAR renewal.
- FEDRAMP SCOPE: FedRAMP High certification applies to 'Wiz for Government' product specifically, not the base commercial CNAPP. Customers using commercial Wiz product do not have FedRAMP certification.
- PRIVACY POLICY REDIRECT: Privacy policy URL redirects to Google Cloud. Full privacy terms now managed under Google's cloud acquisitions framework. Verify DPA availability with Wiz sales for specific enterprise requirements.
- MULTI-PRODUCT ARCHITECTURE: Wiz operates as a modular CNAPP with multiple sub-products (Green/Red/Blue agents, AI-SPM). Verify certification scope covers specific modules used in procurement.
// At a glance
Pricing model
Subscription-based SaaS. Custom pricing per environment and use case. No per-agent fees (agentless architecture). Enterprise licensing available.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Wiz Inc. (subsidiary of Alphabet Inc. / Google Cloud, acquired March 2026)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
wiz.io