Welcome to the Confluent Trust Center, your comprehensive resource for understanding the foundational principles, practices, and controls that secure and ensure the compliance of our data streaming platform and products.
At Confluent, we believe that customer trust is our most valuable asset, which is why we have engineered enterprise-grade security into the very core of our products and operations, following a "security is foundational" philosophy. We openly share our Trust Principles and provide transparency into our robust security architecture, operational excellence, data privacy commitments, and governance programs.
Here, you can easily access key public documentation, including third-party audit reports such as our SOC 2 Type 2, ISO 27001, and ISO 27701 certifications, in addition to privacy statements and regulatory readiness information for mandates like GDPR, HIPAA, and CCPA.
Accessing Security & Compliance Documentation
A limited selection of our comprehensive compliance and security documentation, such as the public white papers and certifications, is immediately and publicly available on this site. For access to restricted documents—which include sensitive reports like Penetration Test, SOC 2 reports, Vulnerability assessment report etc.—users need to request access directly through the Trust Center portal. Click on the "Get Access" button on top pf the home page, or on respective items. Upon authentication, you can seamlessly gain full, self-service access to the entirety of the documentation library to support your security reviews and procurement processes.
If you are interested in security and compliance commitments on Confluent Platform, Bring-Your-Own-Cloud (WarpStream), or US Public Sector, you may change views using the drop down arrow at the top of this page.
Trust Center Updates
Confluent Expands Compliance Coverage: 2026 SIG Templates Now Available, BSI C5 Attestation Achieved
At Confluent, your trust is the foundation of everything we build. We're pleased to share two new additions now available in the Confluent Trust Center: updated self-service due diligence templates, and a new government-backed security attestation.
2026 SIG Core and SIG Lite Templates Now Available
Security due diligence can be time-consuming, so we've published our completed 2026 SIG Lite and SIG Core templates — pre-answered questionnaires that let you skip manual back-and-forth. SIG Lite gives a quick, high-level view of our controls; SIG Core goes deeper for higher-risk or regulated evaluations.
This year's editions reflect current priorities, including new AI Governance risk frameworks, operational resilience and business continuity coverage, refreshed industry-standards alignment, and regulatory mapping updates including DORA.
Download our pre-completed templates directly from the Confluent Trust Center to expedite your due diligence requirements today.
BSI C5 Attestation Achieved
Confluent Cloud has achieved attestation against the BSI Cloud Computing Compliance Criteria Catalogue (C5), published by Germany's Federal Office for Information Security (BSI). C5 is a government-backed cloud security attestation framework, most recently updated as C5:2020, and built on standards like ISO/IEC 27001 and the Cloud Security Alliance's Cloud Controls Matrix, requiring transparency around data location, jurisdiction, and disclosure obligations to authorities.
For any organization evaluating our cloud security posture as part of procurement, vendor risk management, or regulatory readiness, the BSI C5 report provides an additional, independently audited data point confirming that Confluent's security controls are appropriately designed and operating effectively. This is particularly relevant for organizations in regulated industries — financial services, insurance, healthcare, and the public sector — that reference internationally recognized frameworks in their due diligence processes, and for customers operating in or serving Germany and the broader EU market, where C5 carries particular procurement weight.
The BSI C5 report is available now on the Trust Center.
Together, these updates reflect our ongoing commitment to making security and compliance transparent, accessible, and easy to act on — whether you need a quick self-service answer or independent, third-party assurance.
Click Subscribe to be notified as new reports, attestations, and announcements go live, and thank you for your continued partnership.
New Trust and Security White Papers: AI Security and Vendor Risk Monitoring
Trust is built through transparency — hence, we believe in giving our customers the visibility on what is on top of their mind with hyper relevant topics. We are excited to share that we have released two white papers that reflect that commitment, spanning from AI security to vendor risk monitoring.
What's New:
-
Protecting Our Products, Services, and Customers at Scale in the Age of AI — How Confluent is adapting its security program to account for frontier AI as an emerging threat vector, including systems such as Anthropic's Mythos. Inside, you will find:
- An overview of Project Trailblazer, Confluent's initiative to use frontier AI models to proactively test and harden our own systems ahead of adversarial use
- Our approach to supply chain security investment, reflecting the priorities we hear most often from customer security teams
- A grounded view of how Confluent's security architecture and operating model are evolving to keep pace with AI-driven threats
We encourage your security and risk teams to use this paper as a reference point for how Confluent is approaching AI-related risk.
-
Continuous Monitoring of Confluent: A Self-Service Guide for Vendor Risk Teams — A practical, step-by-step guide enabling customers' vendor risk and procurement teams to monitor Confluent's compliance posture independently — reducing questionnaire back-and-forth and shortening security review cycles.
As threats evolve and regulatory expectations rise, we remain committed to giving you the transparency, evidence, and architecture you need to move forward with confidence — not just to pass a review, but to build a lasting foundation of trust.
Click Subscribe to be notified automatically of new reports, attestations, and security announcements. Thank you for your continued partnership.
Klue Security Incident — Confluent Statement
Klue, a third-party market-intelligence vendor, announced a security incident impacting their platform. Klue was used by Confluent sales and marketing teams. We want to provide Confluent customers with our current understanding of the scope of the incident.
Your data processed in Confluent products was not impacted. The data you entrust to our services, i.e., data processed through Confluent products, was not involved or impacted. There is no indication Confluent's products, platform, and infrastructure were affected by this incident.
What was affected. The Klue incident involved copying of Confluent business information stored in our customer relationship management (CRM) system — for example, business contact and internal go-to-market opportunity related information.
What we have done so far. After we were notified by Klue, we initiated an internal investigation and disconnected Klue integrations. The incident is limited to CRM data indicated above.
The security of our customers and their data remains our highest priority. We will continue to monitor this matter and provide further updates should additional information become relevant. Nothing is required from our customers currently.
For any questions, please contact Confluent Support.
New White Paper — Continuous Monitoring of Confluent: A Self-Service Guide for Vendor Risk Teams
We're pleased to add a new white paper to the Confluent Trust Center: Continuous Monitoring of Confluent: A Self-Service Guide for Vendor Risk Teams, authored by the Office of the CISO.
Traditional vendor due diligence relies on point-in-time questionnaires and audits that can leave Third-Party Risk Management (TPRM), security, and compliance teams looking backward. This white paper introduces a repeatable, self-service approach for continuously monitoring Confluent's security, availability, and compliance posture, so your teams can quickly answer the question, "Has anything changed that might affect our risk?"
The guide is organized around four practical monitoring dimensions, each grounded in customer-visible signals you can subscribe to and act on today:
- Dimension 1 — Service Health and Security Advisories: the Confluent Cloud Status Page and Support Portal security advisories.
- Dimension 2 — Vendor and Technology Stack: the Subprocessor List and SOC 2 report to understand Confluent's third-party footprint.
- Dimension 3 — Trust and Compliance Evidence: Trust Center attestations (SOC 2, ISO, PCI), security white papers, and security announcements.
- Dimension 4 — Direct Vendor Engagement: a structured, last-resort path for the rare questions that self-service signals don't fully resolve.
The paper also includes a one-page continuous-monitoring checklist your TPRM program can adopt immediately, and the same model can be reused across your broader vendor portfolio.
Read the white paper now in the Confluent Trust Center.
Click Subscribe to be notified automatically of new reports, attestations, and security announcements.
Confluent Compliance Update: ISO 27001 & ISO 27701 Renewals and New SOC 1 / SOC 2 Type 2 Reports Released
At Confluent, your trust is the foundation of everything we build. We are proud to share a series of compliance milestones — spanning globally recognized security and privacy standards — that reaffirm that commitment and the rigor behind it.
ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications renewed
Confluent has successfully completed its annual surveillance audit and renewed our ISO/IEC 27001:2022 certification. This renewal demonstrates our continuous dedication to maintaining the highest standards for our Information Security Management System (ISMS), which protects the confidentiality, integrity, and availability of your data.
Our certification scope extends beyond the foundational ISO 27001 standard. It also includes the following:
- ISO 27017 — Provides assurance for the security controls of cloud services, confirming best practices for cloud environment operation and protection.
- ISO 27018 — Verifies controls for protecting Personally Identifiable Information (PII) processed by Confluent as a public cloud Controller and Processor.
- ISO/IEC 27701:2019 — Privacy Management (PIMS) — A key privacy extension verifying our role as a PII Processor and Controller, and helping customers align with global privacy frameworks like GDPR and CCPA.
New SOC 1 Type 2 and SOC 2 Type 2 reports now available
We are also pleased to announce that our latest SOC 1 Type 2 and SOC 2 Type 2 reports are now available for both Confluent Cloud and Confluent Platform, covering the audit period of October 1, 2025 to March 31, 2026. These independent reports provide assurance over our controls relevant to financial reporting (SOC 1) and to security, availability, processing integrity, and confidentiality (SOC 2). If you require a bridge letter, you can generate one directly within the Trust Center.
These renewals and reports provide you with independent assurance that we are consistently managing and mitigating security and privacy risks to protect your data.
You can find our latest ISO certificates, our SOC 1 and SOC 2 Type 2 reports, and other compliance documents in the Confluent Trust Center
Thank you for your continued partnership.


















