What certifications has ForgeRock achieved?
This article provides information on the external certifications achieved by ForgeRock for our products and services.
Overview
ForgeRock is SAML 2.0 certified in accordance with the Kantara Initiative. We have been OpenID Connect (OIDC) conformant since 2015 and Open Banking security conformant since March 2018. We are certified as a Financial-grade API (FAPI 1.0) OpenID Provider, a FAPI-CIBA OpenID Provider, and an OpenID Provider for Basic OP, Implicit OP, Hybrid OP, Config OP, Dynamic OP, and Form Post OP.
ForgeRock has achieved ISO 27001 certification for the development and operation of cloud and on-premises products and services across all of our major locations. We recently achieved a SOC 2 Type 2 certification and report for ForgeRock Identity Cloud, and have Cloud Security Alliance (CSA) Star Level 2 attestation and certification. We also have independent attestations of compliance with the Health Insurance Portability and Accountability Act (HIPAA) security and Health Information Technology for Economic and Clinical Health (HITECH) breach notification rule.
ForgeRock product certifications
SAML 2.0
ForgeRock Access Management is SAML 2.0 certified in accordance with the Kantara Initiative certification. See Kantara Initiative Interoperable SAML 2.0 Products and Services for further details.
OpenID Provider
The ForgeRock Identity Platform is a certified OpenID Provider for Basic OP, Implicit OP, Hybrid OP, Config OP, Dynamic OP, and Form Post OP. See OpenID Providers for further details.
FAPI OpenID Provider
The ForgeRock Identity Platform is certified as a Financial-grade API (FAPI 1.0) OpenID Provider. See FAPI OpenID Providers for further details.
FAPI-CIBA OpenID Provider
The ForgeRock Identity Platform is certified as a Financial-grade API Client Initiated Backchannel Authentication Profile (FAPI-CIBA) OpenID Provider. See FAPI-CIBA OpenID Providers for further details.
Microsoft® Azure® Active Directory Federation
ForgeRock Access Management achieved certification as a Microsoft Azure Active Directory federation partner. See Azure AD federation compatibility list for further details.
Compliance
ISO 27001
ForgeRock has achieved ISO 27001 certification for the development and operation of ForgeRock Identity Platform and ForgeRock Identity Cloud products and services across all of our major locations. The supporting technology includes ForgeRock software and cloud development, HR and IT processes, and the Backstage platform that consists of a knowledge base, support portal, access and storage solutions and ticket management.
Our ISO 27001 certificate can be found in the Schellman ISO Certificate Directory.
SOC 2 Type 2
ForgeRock successfully completed the AICPA-certified Service Organization Control (SOC) 2 Type 2 audit. The audit report confirms the Trust Services criteria relevant to security, availability and confidentiality for ForgeRock Identity Cloud. Our adherence to these standards will be externally validated annually.
Customers and prospects can request access to the audit report here.
CSA Star Level 2 external audit and self-attestation
ForgeRock has completed an external audit to validate that we meet the criteria required for the Cloud Security Alliance (CSA) Star Level 2 attestation for ForgeRock Identity Cloud. In addition, we have completed a Consensus Assessment Initiative Questionnaire (CAIQ), which is an industry-accepted way to document what security controls exist in cloud services, providing security control transparency.
Both the CSA Star Level 2 attestation and the CSA CAIQ Questionnaire v3.1 can be viewed in the CSA STAR Registry.
HIPAA and HITECH
ForgeRock Identity Cloud has achieved an independent attestation compliance report for the Health Insurance Portability and Accountability Act (HIPAA) security and Health Information Technology for Economic and Clinical Health (HITECH) breach notification rule.