Welcome to the Confluent Trust Center, your comprehensive resource for understanding the foundational principles, practices, and controls that secure and ensure the compliance of our data streaming platform and products.
At Confluent, we believe that customer trust is our most valuable asset, which is why we have engineered enterprise-grade security into the very core of our products and operations, following a "security is foundational" philosophy. We openly share our Trust Principles and provide transparency into our robust security architecture, operational excellence, data privacy commitments, and governance programs.
Here, you can easily access key public documentation, including third-party audit reports such as our SOC 2 Type 2, ISO 27001, and ISO 27701 certifications, in addition to privacy statements and regulatory readiness information for mandates like GDPR, HIPAA, and CCPA.
Accessing Security & Compliance Documentation
A limited selection of our comprehensive compliance and security documentation, such as the public white papers and certifications, is immediately and publicly available on this site. For access to restricted documents—which include sensitive reports like Penetration Test, SOC 2 reports, Vulnerability assessment report etc.—users need to request access directly through the Trust Center portal. Click on the "Get Access" button on top pf the home page, or on respective items. Upon authentication, you can seamlessly gain full, self-service access to the entirety of the documentation library to support your security reviews and procurement processes.
If you are interested in security and compliance commitments on Confluent Platform, Bring-Your-Own-Cloud (WarpStream), or US Public Sector, you may change views using the drop down arrow at the top of this page.
Trust Center Updates
New Trust and Security White Papers: AI Security and Vendor Risk Monitoring
Trust is built through transparency — hence, we believe in giving our customers the visibility on what is on top of their mind with hyper relevant topics. We are excited to share that we have released two white papers that reflect that commitment, spanning from AI security to vendor risk monitoring.
What's New:
-
Protecting Our Products, Services, and Customers at Scale in the Age of AI — How Confluent is adapting its security program to account for frontier AI as an emerging threat vector, including systems such as Anthropic's Mythos. Inside, you will find:
- An overview of Project Trailblazer, Confluent's initiative to use frontier AI models to proactively test and harden our own systems ahead of adversarial use
- Our approach to supply chain security investment, reflecting the priorities we hear most often from customer security teams
- A grounded view of how Confluent's security architecture and operating model are evolving to keep pace with AI-driven threats
We encourage your security and risk teams to use this paper as a reference point for how Confluent is approaching AI-related risk.
-
Continuous Monitoring of Confluent: A Self-Service Guide for Vendor Risk Teams — A practical, step-by-step guide enabling customers' vendor risk and procurement teams to monitor Confluent's compliance posture independently — reducing questionnaire back-and-forth and shortening security review cycles.
As threats evolve and regulatory expectations rise, we remain committed to giving you the transparency, evidence, and architecture you need to move forward with confidence — not just to pass a review, but to build a lasting foundation of trust.
Click Subscribe to be notified automatically of new reports, attestations, and security announcements. Thank you for your continued partnership.
Klue Security Incident — Confluent Statement
Klue, a third-party market-intelligence vendor, announced a security incident impacting their platform. Klue was used by Confluent sales and marketing teams. We want to provide Confluent customers with our current understanding of the scope of the incident.
Your data processed in Confluent products was not impacted. The data you entrust to our services, i.e., data processed through Confluent products, was not involved or impacted. There is no indication Confluent's products, platform, and infrastructure were affected by this incident.
What was affected. The Klue incident involved copying of Confluent business information stored in our customer relationship management (CRM) system — for example, business contact and internal go-to-market opportunity related information.
What we have done so far. After we were notified by Klue, we initiated an internal investigation and disconnected Klue integrations. The incident is limited to CRM data indicated above.
The security of our customers and their data remains our highest priority. We will continue to monitor this matter and provide further updates should additional information become relevant. Nothing is required from our customers currently.
For any questions, please contact Confluent Support.
New White Paper — Continuous Monitoring of Confluent: A Self-Service Guide for Vendor Risk Teams
We're pleased to add a new white paper to the Confluent Trust Center: Continuous Monitoring of Confluent: A Self-Service Guide for Vendor Risk Teams, authored by the Office of the CISO.
Traditional vendor due diligence relies on point-in-time questionnaires and audits that can leave Third-Party Risk Management (TPRM), security, and compliance teams looking backward. This white paper introduces a repeatable, self-service approach for continuously monitoring Confluent's security, availability, and compliance posture, so your teams can quickly answer the question, "Has anything changed that might affect our risk?"
The guide is organized around four practical monitoring dimensions, each grounded in customer-visible signals you can subscribe to and act on today:
- Dimension 1 — Service Health and Security Advisories: the Confluent Cloud Status Page and Support Portal security advisories.
- Dimension 2 — Vendor and Technology Stack: the Subprocessor List and SOC 2 report to understand Confluent's third-party footprint.
- Dimension 3 — Trust and Compliance Evidence: Trust Center attestations (SOC 2, ISO, PCI), security white papers, and security announcements.
- Dimension 4 — Direct Vendor Engagement: a structured, last-resort path for the rare questions that self-service signals don't fully resolve.
The paper also includes a one-page continuous-monitoring checklist your TPRM program can adopt immediately, and the same model can be reused across your broader vendor portfolio.
Read the white paper now in the Confluent Trust Center.
Click Subscribe to be notified automatically of new reports, attestations, and security announcements.
Confluent Compliance Update: ISO 27001 & ISO 27701 Renewals and New SOC 1 / SOC 2 Type 2 Reports Released
At Confluent, your trust is the foundation of everything we build. We are proud to share a series of compliance milestones — spanning globally recognized security and privacy standards — that reaffirm that commitment and the rigor behind it.
ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications renewed
Confluent has successfully completed its annual surveillance audit and renewed our ISO/IEC 27001:2022 certification. This renewal demonstrates our continuous dedication to maintaining the highest standards for our Information Security Management System (ISMS), which protects the confidentiality, integrity, and availability of your data.
Our certification scope extends beyond the foundational ISO 27001 standard. It also includes the following:
- ISO 27017 — Provides assurance for the security controls of cloud services, confirming best practices for cloud environment operation and protection.
- ISO 27018 — Verifies controls for protecting Personally Identifiable Information (PII) processed by Confluent as a public cloud Controller and Processor.
- ISO/IEC 27701:2019 — Privacy Management (PIMS) — A key privacy extension verifying our role as a PII Processor and Controller, and helping customers align with global privacy frameworks like GDPR and CCPA.
New SOC 1 Type 2 and SOC 2 Type 2 reports now available
We are also pleased to announce that our latest SOC 1 Type 2 and SOC 2 Type 2 reports are now available for both Confluent Cloud and Confluent Platform, covering the audit period of October 1, 2025 to March 31, 2026. These independent reports provide assurance over our controls relevant to financial reporting (SOC 1) and to security, availability, processing integrity, and confidentiality (SOC 2). If you require a bridge letter, you can generate one directly within the Trust Center.
These renewals and reports provide you with independent assurance that we are consistently managing and mitigating security and privacy risks to protect your data.
You can find our latest ISO certificates, our SOC 1 and SOC 2 Type 2 reports, and other compliance documents in the Confluent Trust Center
Thank you for your continued partnership.
Accelerate Your Due Diligence: 2026 KY3P® Security Assessment for Confluent Now Available
Confluent has officially completed its 2026 KY3P® (formerly TruSight) IT Security Assessment. An S&P Global Market Intelligence offering (formerly IHS Markit), the KY3P framework was developed by a founding consortium of leading global financial institutions to standardize and simplify third-party risk management.
Purchasing this shared assessment allows your risk and compliance teams to expedite their security audit of Confluent by leveraging externally validated results and supporting control evidence. The assessment thoroughly evaluates the control environments for both Confluent Cloud and Confluent Platform across critical domains, including information security, cyber resilience, and data governance covering 2026 vendor review cycles.
Why Leverage Confluent's KY3P Report?
- Reduced Audit Burden: Eliminates the administrative overhead of drafting, sending, and reviewing bespoke vendor risk assessments.
- Consortium-Backed Trust: Rely on an industry-standard framework developed by the world's leading financial institutions.
- Comprehensive Evidence Package: Includes key supporting policies, procedural documentation, and verified control validations.
How to Acquire the Report?
The 2026 KY3P Assessment Report and evidence package are available for purchase directly through S&P Global's KY3P program. To request access, contact the KY3P team at: ky3psales@ihsmarkit.com.
Looking for standard documentation? Access core security certifications, self-attestations, and standard reports (such as SOC 2 or ISO), directly via the Confluent Trust Center.
















