Skip to main content

Accessing compliance reports for your organization

You can access GitHub's compliance reports, such as our SOC reports and Cloud Security Alliance CAIQ self-assessment (CSA CAIQ), for your organization.

Who can use this feature

Organization owners can access compliance reports for the organization.

About GitHub's compliance reports

You can access GitHub's compliance reports in your organization settings.

  • SOC 1, Type 2
  • SOC 2, Type 2
  • Cloud Security Alliance CAIQ self-assessment (CSA CAIQ)
  • ISO/IEC 27001:2013 certification
  • GitHub.com Services Continuity and Incident Management Plan

Accessing compliance reports for your organization

Note: To view compliance reports, your organization must use GitHub Enterprise Cloud. For more information about how you can try GitHub Enterprise Cloud for free, see "Setting up a trial of GitHub Enterprise Cloud."

If you are not using GitHub Enterprise Cloud, you can find similar reports at GitHub Security.

  1. In the top right corner of GitHub.com, click your profile photo, then click Your organizations.

    Screenshot of the dropdown menu under @octocat's profile picture. "Your organizations" is outlined in dark orange.

  2. Next to the organization, click Settings.

  3. In the "Security" section of the sidebar, click Compliance.

  4. To the right of the report you want to access, click Download or View.

    Screenshot of download button to the right of a compliance report

Further reading