Datadog
Certifications & attestations
| Certification | Status | Source | Last verified |
|---|---|---|---|
| SOC 2 Type II SOC 2 Type 1 and Type 2 listed; Datadog, Cloudcraft, and Eppo SOC 2 Type II reports available via the Trust Center. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27001 Also holds ISO/IEC 27017:2015, ISO/IEC 27018:2019, and ISO/IEC 27701. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 42001 ISO/IEC 42001:2023 AI management systems. | Verified | vendor source ↗ | June 10, 2026 |
| FedRAMP (High) Datadog for Government achieved FedRAMP High — scope differs from the commercial product. GovRAMP also listed. | Verified | vendor source ↗ | June 10, 2026 |
| PCI DSS | Verified | vendor source ↗ | June 10, 2026 |
| HIPAA | Verified | vendor source ↗ | June 10, 2026 |
| CSA STAR | Verified | vendor source ↗ | June 10, 2026 |
| TISAX | Verified | vendor source ↗ | June 10, 2026 |
| IRAP Australian IRAP assessment. | Verified | vendor source ↗ | June 10, 2026 |
→ Direct answer: Does Datadog have SOC 2?
Subprocessors
Subprocessor extraction for Datadog is pending. The vendor publishes a list here: source ↗
Hosting & data residency
- InfrastructureAmazon Web Services, Microsoft Azure, Google Cloud Platform
- Data residencyMultiple Datadog sites (US, EU, US gov, AP) — customers choose at signup.
Trust documents & links
- Trust centerhttps://trust.datadoghq.com
- Security pagehttps://www.datadoghq.com/trust/
- DPAnot yet recorded
- Status pagehttps://status.datadoghq.com
Security incidents & disclosures
No incidents on record in the public sources we track, as of June 10, 2026. Absence of a record is not a guarantee — see methodology.
Change history
2026-06-10
Vendor added with a verified initial snapshot: SOC 2 Type II, ISO 27001/27017/27018/27701, ISO/IEC 42001:2023, FedRAMP High (Datadog for Government), PCI DSS, HIPAA, CSA STAR, TISAX, and IRAP confirmed against Datadog's SafeBase Trust Center compliance list and press release (fetched 2026-06-10). DORA, GDPR, and CCPA shown on the trust page are legal/regulatory frameworks, not certifications — excluded.