Trust Center

We’re pleased to announce that we recently completed an independent third-party report to ensure that we support compliance with the HIPAA Security Rule and HITECH Breach Notification Requirements as a Business Associate. Our HIPAA report is available for download. For more information, see our blog post at https://vercel.com/blog/vercel-supports-hipaa-compliance.

We’re pleased to announce that we recently completed our Self-Assessment Questionnaire Attestation of Compliance (SAQ-D AOC) for Service Providers! Our SAQ-D AOC report is available for download. For more information, see our blog post at https://vercel.com/blog/pci-compliance-for-ecommerce-teams.

A new vulnerability, known as the HTTP/2 Rapid Reset Attack (CVE-2023-44487), has the potential to disrupt HTTP/2-enabled web servers. It can be used to launch large denial-of-service attacks, negatively affecting performance and availability.

Vercel has taken proactive steps to refine our infrastructure and strengthen our defenses. Our improved system can now more efficiently handle the HTTP/2 Rapid Reset Attack to protect your web assets.

We're committed to consistently improving our security measures in response to new threats to ensure safety and reliability for all users. Further detail is available at https://vercel.com/changelog/strengthening-vercels-infrastructure-against-http-2-rapid-reset-attacks.

Vercel is pleased to announce that we recently completed our ISO 27001:2013 certification! Our ISO 27001 certificate is available for download. For more information, see our blog post at https://vercel.com/blog/vercel-iso-27001-security.

We also updated our Policies and 2023 SOC 2 Type 2 Report for download.

Vercel's SOC 2 Type 2 report is now available for download. This audit was completed by Schellman and Company LLC and covers our audit period July 1, 2022 to June 30, 2023.