Whiplash is a Heroku customer building high-compliance apps. Heroku has achieved the following compliance milestones:
ISO 27001 Certification:
A widely recognized and internationally accepted information security standard that specifies security management best practices and comprehensive security controls following ISO 27002 best practices guidance.
ISO 27017 Certification:
A standard that provides additional guidance and implementation advice on information security aspects specific to cloud computing.
ISO 27018 Certification:
Establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with defined privacy principles for public cloud computing environments.
SOC2 Type I Attestation:
An independent examination of the fairness of presentation and the suitability of the design of controls relevant to security, availability, and confidentiality of the information processed by the Heroku Platform as of a specified date.
The scope of these certifications includes all Heroku Platform Runtimes and Heroku Data Services. Please see the announcement blog post for more details.