Trust Center
Welcome to the Confluent Trust Center, your comprehensive resource for understanding the foundational principles, practices, and controls that secure and ensure the compliance of our data streaming platform and products.
At Confluent, we believe that customer trust is our most valuable asset, which is why we have engineered enterprise-grade security into the very core of our products and operations, following a "security is foundational" philosophy. We openly share our Trust Principles and provide transparency into our robust security architecture, operational excellence, data privacy commitments, and governance programs.
Here, you can easily access key public documentation, including third-party audit reports such as our SOC 2 Type 2, ISO 27001, and ISO 27701 certifications, in addition to privacy statements and regulatory readiness information for mandates like GDPR, HIPAA, and CCPA.
Accessing Security & Compliance Documentation
A limited selection of our comprehensive compliance and security documentation, such as the public white papers and certifications, is immediately and publicly available on this site. For access to restricted documents—which include sensitive reports like Penetration Test, SOC 2 reports, Vulnerability assessment report etc.—users need to request access directly through the Trust Center portal. Click on the "Get Access" button on top pf the home page, or on respective items. Upon authentication, you can seamlessly gain full, self-service access to the entirety of the documentation library to support your security reviews and procurement processes.
If you are interested in security and compliance commitments on Confluent Platform, Bring-Your-Own-Cloud (WarpStream), or US Public Sector, you may change views using the drop down arrow at the top of this page.
Accelerate Your Due Diligence: 2026 KY3P® Security Assessment for Confluent Now Available
Confluent has officially completed its 2026 KY3P® (formerly TruSight) IT Security Assessment. An S&P Global Market Intelligence offering (formerly IHS Markit), the KY3P framework was developed by a founding consortium of leading global financial institutions to standardize and simplify third-party risk management.
Purchasing this shared assessment allows your risk and compliance teams to expedite their security audit of Confluent by leveraging externally validated results and supporting control evidence. The assessment thoroughly evaluates the control environments for both Confluent Cloud and Confluent Platform across critical domains, including information security, cyber resilience, and data governance covering 2026 vendor review cycles.
Why Leverage Confluent's KY3P Report?
- Reduced Audit Burden: Eliminates the administrative overhead of drafting, sending, and reviewing bespoke vendor risk assessments.
- Consortium-Backed Trust: Rely on an industry-standard framework developed by the world's leading financial institutions.
- Comprehensive Evidence Package: Includes key supporting policies, procedural documentation, and verified control validations.
How to Acquire the Report?
The 2026 KY3P Assessment Report and evidence package are available for purchase directly through S&P Global's KY3P program. To request access, contact the KY3P team at: ky3psales@ihsmarkit.com.
Looking for standard documentation? Access core security certifications, self-attestations, and standard reports (such as SOC 2 or ISO), directly via the Confluent Trust Center.
New White Paper — Streaming Sovereignty: Digital Sovereignty Imperative for the Real-Time Enterprise
For regulated enterprises, digital sovereignty is no longer a compliance checkbox — it is a procurement gate, an audit finding, and in some cases a condition of license. At Confluent, we believe sovereignty must be intentional and engineered into every layer of the technology stack — backed by architectural guarantees you can verify, audit, and rely upon.
We are excited to announce the publication of our latest white paper: Streaming Sovereignty | Digital Sovereignty Imperative for the Real-Time Enterprise.
This paper articulates Confluent's position that sovereignty is not a product feature or a contractual clause — it is an architectural outcome. It is designed to support Boards, C-suites, CISOs, and infrastructure architects navigating the convergence of an increasingly complex regulatory landscape and business needs based on national and regional sentiments and requirements.
Inside, you will find:
- A Board-Level Risk Register mapping streaming-layer exposures to Confluent's architectural mitigations
- The Confluent Sovereignty Spectrum — how Confluent Cloud, WarpStream BYOC, Confluent Private Cloud, and Confluent Platform each meet a distinct sovereignty profile
- A Deployment Architecture Decision Guide and Industry Architecture Guide for financial services, healthcare, government, critical infrastructure, and telecommunications
- A consolidated view of evidence artifacts available for regulatory audit and reporting
The white paper is now available on the Confluent Trust Center. We encourage you to share it with your security, compliance, risk, and architecture teams — and to use it as a reference in your conversations with regulators, auditors, and your Board as you plan and scale your critical workloads on Confluent.
Thank you for your continued partnership. We look forward to enabling you to achieve your desired outcomes related to real-time streaming sovereignty— with the transparency, architectural guarantees, and evidence artifacts you need to lead with confidence.
New Security & Compliance White Papers: Accelerating Trust in Regulated Industries
At Confluent, we understand that moving mission-critical data in real-time requires more than just speed—it requires unwavering trust. As global regulatory landscapes become increasingly complex, we are committed to providing the transparency you need to scale with confidence.
We are excited to announce the publication of three new white papers on the Confluent Trust Center. These resources offer a deep dive into how Confluent Cloud is engineered to meet the stringent security, risk, and compliance obligations of highly regulated sectors.
New Resources Available for Download
- Enabling Operational Resilience for Financial Institutions - Tailored for banks and other financial services players, this paper explains how Confluent Cloud supports resilience across global regulations. It covers key topics such as incident reporting, continuous resilience testing, risk management, and governance.
- ePHI in Motion: Trust, Controls, and Compliance for Healthcare - Focused on HIPAA-aligned use cases, this resource details the technical and administrative architecture used to safeguard Electronic Protected Health Information (ePHI) while enabling real-time data flows.
- Enabling Trust with Confluent Cloud in Australia - This guide addresses the unique Australian regulatory landscape, explaining how Confluent Cloud aligns with frameworks such as APRA and IRAP to maintain compliance for sensitive workloads.
Why This Matters for Your Team
These papers are designed to serve as strategic tools for your organization by:
- Providing consolidated evidence of our security capabilities for regulated workloads.
- Reducing manual reviews for your risk and audit teams, helping them assess our controls more efficiently.
- Removing compliance roadblocks to accelerate your cloud and data streaming adoption.
Where to Access
All three white papers are now available in the White Papers section of the Confluent Trust Center.
We encourage you to share these resources with your security, compliance, and risk stakeholders as you plan and scale your critical workloads on Confluent Cloud.
Confluent Cloud for Government Achieves FedRAMP® 20x Moderate Authorization
We are excited to announce that Confluent Cloud for Government (CCG) is now officially available on the FedRAMP Marketplace with FedRAMP 20x Moderate Authorization.
Achieved through the competitive FedRAMP 20x Pilot program, this milestone marks a new era for data streaming in the public sector. Federal, state, local, and tribal agencies—as well as the commercial organizations that support them—can now deploy enterprise-grade, cloud-native data streaming in days rather than months, with full confidence that it meets rigorous federal security standards.
Why This Matters
Our customers are currently tasked with a high-stakes balancing act: modernizing legacy systems and delivering real-time services while operating under strict compliance and budget constraints.
FedRAMP (the Federal Risk and Authorization Management Program) provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by U.S. federal agencies. Achieving FedRAMP Moderate demonstrates that Confluent Cloud for Government aligns to rigorous security and risk management requirements appropriate for moderate-impact systems.
Federal, state, local, and tribal agencies—as well as commercial partners that support them—can deploy enterprise-grade data streaming in days instead of months, while meeting rigorous federal security and compliance requirements.
By achieving FedRAMP Moderate authorization, Confluent Cloud for Government enables our customers to:
- Respond in Real-Time: Stream data from edge devices and sensors for immediate situational awareness in defense and emergency response.
- Break Down Silos: Facilitate secure, cross-departmental data sharing without the need for expensive, brittle point-to-point integrations.
- Modernize Citizen Experiences: Power responsive services by treating data as a continuously updating stream rather than a static snapshot.
Get Started Today
Confluent Cloud for Government is available immediately. Whether you are streamlining benefit claims, coordinating emergency response data, or serving critical citizen services, our platform serves as the central nervous system for your data ecosystem.
If you are already a Confluent Cloud for Government customer, your account team can help you understand how this authorization maps to your internal compliance requirements and system security plans.
New customers interested in onboarding to Confluent Cloud for Government can work with their Confluent representative to discuss architecture patterns, migration options, and how to leverage this FedRAMP Moderate authorization within your broader compliance program.
The latest compliance documentation and security artifacts will be available through the Confluent Trust Center as they are published, so your security and risk teams can easily review and reference them during assessments and audits.
View our Listing: Confluent Cloud for Government FedRAMP Marketplace
Join us Live: See CCG in action at the 2026 Public Sector Summit.
Review the Docs: Read the Confluent Cloud for Government Documentation and FedRAMP Security Best Practices for Confluent Cloud for Government
Thank you for your continued trust in Confluent. We look forward to supporting your mission with secure, compliant, real-time data streaming.
New White Paper: Building Secure and Compliant AI Applications with Confluent
We are pleased to announce the publication of our latest technical resource: "Building Secure and Compliant AI Applications with Confluent Cloud."
Why It Matters
This paper provides the blueprint showing how a real-time, secure, compliant and governed data infrastructure allows our customers to innovate and develop AI applications rapidly without compromising on data sovereignty, regulatory readiness and trust.