Here’s How Framer is Protecting Your User DataHere’s How Framer is Protecting Your User Data

Keeping your user data secure is important to us, which is why we’re excited to announce our ISO 27001 and SOC 2 compliance.


Koen Rouwhorst

January 30, 2020

Over the years, Framer has been used to prototype pioneering product features, which have gone on to touch billions of people. Companies big and small rely on our tool to push the boundaries of design and reinvent the way we experience technology.

With so much innovation happening on our platform, our security and infrastructure team are more committed than ever to safeguarding your data and design IP. To that end, we’re proud to announce that we’ve recently achieved ISO 27001 certification and successfully completed a Type 1 SOC 2 examination. The ISO 27001 certification and the SOC 2 examination were performed by an independent Certified Public Accountant (CPA), Schellman & Company.

What is ISO 27001?

ISO 27001 is one of the most widely recognized and internationally accepted information security standards. It identifies strict requirements and specifications for an Information Security Management System (ISMS), which defines how an organization should manage and process information more securely.

The certification process involved detailed interviews and examination of the access control, risk management, business continuity, and security best practices we follow during software development. The conclusion of the certification process found that Framer’s ISMS meets the physical, logical, process, and management controls required to achieve certification.

You can find Framer's ISO 27001 certificate in the ISO certificate directory of our auditor. The Statement of Applicability is available to enterprise customers upon request.

What is SOC 2?

A SOC 2 is a report on controls at a service organization for the trust services criteria relevant to an organizations services and customer commitments. The examination was performed under standards established by the American Institute of Certified Public Accountants (AICPA) to help service organizations demonstrate the design and effectiveness of their internal controls related to information security. Framer has successfully completed a Type 1 SOC 2 examination for the following Trust Services Criteria.

Security: Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.

Availability: Information and systems are available for operation and use to meet the entity’s objectives.

The Type 1 report is available to enterprise customers upon request.

What’s next?

This Type 1 SOC 2 report provides an independent attestation that Framer’s controls were designed appropriately and are in place to meet its commitments as they relate to security and availability. The Type 2 report is the next step. This will validate the effectiveness of these controls over a sustained period of time. We are committed to obtaining the Type 2 report later this year and plan to conduct an annually recurring SOC 2 examination to build on what we have put in place. In doing so, we hope to demonstrate the importance that we place on safeguarding your data, and how much we value your trust.

To learn more about security at Framer or to get in touch with our enterprise team, read through our security page.

Like this article? Spread the word.

Bring your best ideas to life

Subscribe to get fresh prototyping stories, tips, and resources delivered straight to your inbox.