Esri is committed to delivering secure, trustworthy, and compliant ArcGIS products. Our compliance programs are anchored in industry-leading standards and are continuously updated to meet evolving regulatory and customer requirements.
Customer Data and Supply Chain
When customers utilize Online Services from Esri, the secure development lifecycle of the products, operations, and customer datasets are covered by the third party validated assurance of industry-leading FedRAMP moderate authorization and ISO 27001 certification. Separate content is available for each of these Esri compliance programs below:
Privacy
Esri's privacy program aligns with major frameworks, including EU GDPR, California privacy laws (CPRA/CCPA), and the EU-U.S. Data Privacy Framework (DPF). We provide transparency about data handling, sub-processors, data transfers, and data subject rights, with regional data residency options.
Non-Product / Internal System
Esri corporate maintains a SOC 2 certification scoped to select internal systems that does NOT cover the assurance of our products, their operation, or customer datasets within Esri products.
Compliance Map
Check out our compliance matrix page to jump to details for each specific compliance initiative Esri aligns with.