// Trust & Security Report

    Wiz Inc. (subsidiary of Alphabet Inc. / Google Cloud, acquired March 2026) logo

    Wiz Inc. (subsidiary of Alphabet Inc. / Google Cloud, acquired March 2026)

    Cloud-Native Application Protection Platform (CNAPP) combining Cloud Security Posture Management (CSPM), Cloud Infrastructure Entitlement Management (CIEM), Data Security Posture Management (DSPM), vulnerability management, container/Kubernetes security, runtime protection, and AI Security Posture Management (AI-SPM). Multi-cloud enabled for AWS, Azure, GCP, OCI.

    Certifications held

    18

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II (with HIPAA/HITECH)
    HELD

    SOC 2 Type II audit demonstrating compliance with HIPAA/HITECH requirements. Third-party oversight of organization-wide security and privacy programs.

    Verify on trust.wiz.io
    SOC 3
    HELD

    SOC 3 certification available in trust center documentation.

    Verify on trust.wiz.io
    ISO/IEC 27001:2022
    HELD

    ISO 27001 certification audited on annual basis against industry standards. Information Security Management System (ISMS) standard.

    Verify on trust.wiz.io
    ISO/IEC 27017:2015
    HELD

    ISO 27017 cloud security standard audited annually. Cloud-specific security controls and shared responsibility model.

    Verify on trust.wiz.io
    ISO/IEC 27018:2019
    HELD

    ISO 27018 personal data protection in cloud standard audited annually. 24 additional privacy-specific controls for cloud service providers.

    Verify on trust.wiz.io
    ISO/IEC 27701
    HELD

    ISO 27701 privacy information management system (PIMS) standard audited annually. Extends ISO 27001 with privacy-specific requirements.

    Verify on trust.wiz.io
    PCI DSS v4.0.1
    HELD

    PCI DSS v4.0.1 Attestation of Compliance (AOC) and Report on Compliance (ROC) in trust center. Payment Card Industry Data Security Standard.

    Verify on trust.wiz.io
    FedRAMP High (Wiz for Government)
    HELD

    Wiz for Government is FedRAMP High Authorized. Meets U.S. government standards for handling FISMA high impact sensitive but unclassified data. Upgraded from FedRAMP Moderate in 2025.

    Verify on wiz.io
    CSA STAR Level 1
    HELD

    STAR Level 1 (self-assessment). CAIQ Self-assessment v4.0.3 completed April 23, 2025. Assessment marked as deprecated (not renewed within required timeframe).

    Verify on cloudsecurityalliance.org
    HIPAA
    HELD

    HIPAA compliance verified through SOC 2 Type II audit with HIPAA/HITECH scope. Health Insurance Portability and Accountability Act compliance.

    Verify on trust.wiz.io
    CCPA (California Consumer Privacy Act)
    HELD

    CCPA compliance framework included in trust center certifications and continuous compliance coverage.

    Verify on trust.wiz.io
    GovRAMP
    HELD

    GovRAMP certification available in trust center for government sector customers.

    Verify on trust.wiz.io
    TX-RAMP (Texas)
    HELD

    Texas-specific RAMP (Risk Assessment and Management Program) certification in trust center.

    Verify on trust.wiz.io
    IRAP (Australia)
    HELD

    Information Security Registered Assessors Program (IRAP) certification for Australian government use.

    Verify on trust.wiz.io
    GDPR (Compliance Posture)
    HELD

    Wiz offers continuous, audit-ready compliance with GDPR framework. Article 28 DPA agreements available. Data processing agreements in place for GDPR compliance.

    Verify on wiz.io
    EcoVadis
    HELD

    EcoVadis rating October 2025 - Committed status. Environmental, social, and governance assessment.

    Verify on trust.wiz.io
    CPSTIC Service High (France)
    HELD

    CPSTIC Service High certification for cloud security in France.

    Verify on trust.wiz.io
    TruSight
    HELD

    TruSight certification available in trust center documentation.

    Verify on trust.wiz.io

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Multi-region support with data residency controls. Regional data processing available for compliance with GDPR, HIPAA, and other regulatory frameworks. Specific regions available per customer agreement.

    Wiz does not train on customer data. The platform applies best available models for security analysis. Wiz includes AI-SPM (AI Security Posture Management) for securing AI workloads. For integrations using the Wiz MCP Server, customers should review Google Cloud's data handling policies. Wiz focuses on privacy-first AI implementation with strict data governance for AI models and agents.

    // Security controls

    Encryption in transit

    TLS/SSL encryption for all data transmission. Network security controls across multi-cloud environments.

    trust.wiz.io

    Encryption at rest

    Cloud-native encryption at rest. Data encrypted in cloud storage (AWS S3, Azure Blob, GCP Cloud Storage) using provider-native encryption.

    trust.wiz.io

    Vulnerability management

    Continuous vulnerability scanning and management integrated into CNAPP. Attack path analysis to identify exploitable risks.

    wiz.io

    Penetration testing

    Third-party penetration test reports and red team assessments available in trust center. Annual recurring assessments.

    trust.wiz.io

    Data security posture management

    DSPM module for continuous discovery and classification of sensitive data (PII, secrets, IP). Data loss prevention and governance controls.

    wiz.io

    Runtime protection

    eBPF-based runtime sensor for real-time threat detection and response. Cloud and AI runtime security.

    wiz.io

    Identity and access management

    CIEM module for cloud infrastructure entitlement management. Least privilege access control and identity governance.

    wiz.io

    Incident response

    Wiz Red agent for automated penetration testing and attack path discovery. Wiz Blue agent for threat hunting and investigation.

    wiz.io

    // Products & data scope

    Cloud Native Application Protection Platform (CNAPP)Cloud Security

    data: Multi-cloud: AWS, Azure, GCP, Oracle Cloud. Code, cloud infrastructure, runtime, and AI workloads.

    Core unified platform combining CSPM, CIEM, DSPM, vulnerability management, container security, and runtime protection. Agentless scanning. Graph-based context engine for attack path analysis.

    Wiz for Government (FedRAMP High)Government / Public Sector

    data: U.S. government workloads. Handles FISMA high impact sensitive but unclassified data.

    FedRAMP High authorized product. Includes DSPM module. Designed for federal agencies and contractors. Available on AWS, with government-specific compliance controls.

    AI Security Posture Management (AI-SPM)AI Security

    data: AI models, agents, training data, vector databases, MCP servers, and AI-related cloud infrastructure.

    Discovers AI models, agents, and services. Identifies AI-specific risks: guardrails, data exposure, exposed endpoints. Maps data access for models and agents. Privacy-first AI governance.

    Wiz Green Agent (Auto-remediation)Automation / Response

    data: Code repositories, CI/CD pipelines, infrastructure as code.

    AI-powered agent that automatically opens PRs to fix identified security issues at the source. Secure development workflow integration.

    Wiz Red Agent (Offensive Security)Attack Simulation / Testing

    data: Cloud environments, network paths, IAM configurations.

    Automated penetration testing and attack path discovery. Discovers lateral movement and privilege escalation paths.

    Wiz Blue Agent (Threat Hunting)Detection & Response / SecOps

    data: Cloud logs, runtime events, security findings.

    Automated threat hunting, investigation, and validation. Prioritizes real threats vs. noise.

    // What to watch

    • ACQUISITION: Wiz was acquired by Google Cloud and completed the acquisition on March 11, 2026. Privacy policy now redirects to Google Cloud's cloud acquisitions privacy notice. Product remains multi-cloud independent and not GCP-exclusive, but long-term positioning under Google should be monitored.
    • CSA STAR DEPRECATION: CSA STAR Level 1 self-assessment from April 2025 is marked as deprecated (not renewed within required timeframe). Wiz may be planning to pursue higher STAR certification levels or has deprioritized STAR renewal.
    • FEDRAMP SCOPE: FedRAMP High certification applies to 'Wiz for Government' product specifically, not the base commercial CNAPP. Customers using commercial Wiz product do not have FedRAMP certification.
    • PRIVACY POLICY REDIRECT: Privacy policy URL redirects to Google Cloud. Full privacy terms now managed under Google's cloud acquisitions framework. Verify DPA availability with Wiz sales for specific enterprise requirements.
    • MULTI-PRODUCT ARCHITECTURE: Wiz operates as a modular CNAPP with multiple sub-products (Green/Red/Blue agents, AI-SPM). Verify certification scope covers specific modules used in procurement.

    // At a glance

    Pricing model

    Subscription-based SaaS. Custom pricing per environment and use case. No per-agent fees (agentless architecture). Enterprise licensing available.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Wiz Inc. (subsidiary of Alphabet Inc. / Google Cloud, acquired March 2026)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    wiz.io

    > Browse all vendor trust reports