Supabase is now ISO 27001 certified
Blog post from Supabase
Supabase has achieved ISO/IEC 27001:2022 certification, which validates the company's information security management system across its entire platform, including Database, Auth, Storage, Realtime, Edge Functions, and the Data API. ISO/IEC 27001:2022 is an international standard for information security management systems (ISMS). An ISMS is a collection of policies, processes, and controls for managing information risk. The certification process is conducted by a third-party auditor and ensures that these systems are maintained continuously, with annual surveillance audits and a three-year validity for the certificate. The certification aligns closely with SOC 2, which also evaluates data protection measures such as access controls and incident response. The audit involves reviewing documentation and testing system controls, and for Supabase, much of the required evidence overlapped with its existing SOC 2 compliance. Teams on Supabase's Team or Enterprise plans can request the ISO 27001 certificate, which may facilitate vendor reviews and unblock certain projects. Supabase also supports SOC 2 and HIPAA compliance, indicating a commitment to a comprehensive security and compliance framework.