Compliance, Security, & AI Trust

We are committed to data privacy, compliance with global regulations, and the ethical use of AI.

Rest easy with the highest standards of compliance and data security

Data security

Your private data, with regional protection

Your data is always anonymized and secured — aggregated by regional extraction services and protected by regional data residency models and privacy laws. Coupa will never disclose your personal data or confidential company information.

Data compliance

Data privacy as a fundamental human right

We comply with major data protection regulations, maintain certifications and attestations like ISO27701 and APEC PRP, and participate in regular compliance audits. Our privacy program is integrated into our Enterprise Risk Management process.

Global product compliance

Built-in compliance with regional and global legal requirements

It’s baked in — and it rises to the occasion. Our global product compliance team partners with product management and value services teams to ensure our solutions comply with legal requirements anywhere and everywhere our customers are based.

Payment security

Simplified payment security from one place

Payments are embedded in the Coupa platform through trusted payment partners from leading global financial institutions. Coupa also maintains data security certification with PCI DSS.

Compliance standards and certifications

SOC 1

Coupa is SOC 1 compliant on controls relevant to user entities’ internal control over financial reporting.

SOC 2

Coupa is SOC 2 compliant on controls relevant to security, availability, and confidentiality.

ISO 27701 Certified by Schellman
ISO 27001

Coupa maintains a certified Information Security Management System (ISMS) that conforms to ISO/IEC 27001:2013 requirements.

ISO 27701 Certified by Schellman
ISO 27701

Coupa maintains a certified Privacy Information Management System (PIMS) that conforms to the requirements of ISO/IEC 27701:2013.

PCI Security Standards Council
PCI

Coupa is certified under the Payment Card Industry Data Security Standard (PCI DSS), which safeguards cardholder data.

HIPAA

Coupa is compliant with the Health Insurance Portability and Accountability Act (HIPAA) hosting standards for protecting private health information.

FedRAMP Moderate

Coupa maintains a FedRAMP (Federal Risk and Authorization Management Program) moderate authorization.

ITAR/GovCloud

Coupa complies with the ITAR personnel screening and access authorization procedures for Coupa’s GovCloud platform.

Tisax Result Available
TISAX

Coupa is certified with the European Information Security Assessment (ISA) for the automotive industry.

APEC PRP

Coupa conforms to the Asia-Pacific Economic Cooperation (APEC) Privacy Recognition for Processors (PRP) requirements.

Federal Office for Information Security
BSI C5 Certification

Coupa is certified with the German BSI (Federal Office for Information Security) for secure cloud computing (C5).

Security reporting and additional resources

Customers

Learn about customer security

Customers can reference additional security program information via the secure Coupa Compass Portal.

Suppliers

Get supplier support

Visit the Supplier Help Center and FAQs to learn more about security and vulnerability support.

Security researchers

Report technical vulnerabilities

To report vulnerabilities or if you’re a security researcher, please review our responsible disclosure policy.


Find out more

Interested in taking a deep dive into our security and compliance features? Want to learn more about the platform and see how it can securely meet your needs?