Figma
Certifications & attestations
| Certification | Status | Source | Last verified |
|---|---|---|---|
| SOC 2 Type II Report available via Figma's Trust Center (gated). A public SOC 3 report is also offered. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27001 Certified against ISO/IEC 27001:2022. Also holds ISO 27017, 27018, and 27701. | Verified | vendor source ↗ | June 10, 2026 |
| FedRAMP (Authorized) | Verified | vendor source ↗ | June 10, 2026 |
| BSI C5 Type 2 C5 attestation report available via Trust Center. | Verified | vendor source ↗ | June 10, 2026 |
| TISAX Listed on Figma's security page; results shared via the ENX portal. | Verified | vendor source ↗ | June 10, 2026 |
→ Direct answer: Does Figma have SOC 2?
Subprocessors
Subprocessor extraction for Figma is pending.
Hosting & data residency
- InfrastructureAmazon Web Services
- Data residencynot yet recorded
Trust documents & links
- Trust centerhttps://compliance.figma.com/
- Security pagehttps://www.figma.com/security/
- DPAnot yet recorded
- Status pagehttps://status.figma.com
Security incidents & disclosures
No incidents on record in the public sources we track, as of June 10, 2026. Absence of a record is not a guarantee — see methodology.
Change history
2026-06-10
Vendor added to StackPosture — initial snapshot from published trust documentation. Verification pass pending.
2026-06-10
Verification pass: SOC 2 Type II, ISO 27001:2022, FedRAMP authorization, C5, and TISAX confirmed against Figma's security page, Trust Center, and the FedRAMP marketplace. Trust Center URL added.