
Compliance, Security, & AI Trust

We are committed to data privacy, compliance with global regulations, and the ethical use of AI.

Rest easy with the highest standards of compliance and data security

Data security

Your private data, with regional protection

Your data is always secured and protected by regional data residency models and privacy laws. Coupa will never disclose your personal data or confidential company information.

Data compliance

Data privacy as a fundamental human right

We comply with major data protection regulations, maintain certifications and attestations like ISO27701 and APEC PRP, and participate in regular compliance audits. Our privacy program is integrated into our Enterprise Risk Management process.

Global product compliance

Built-in compliance with regional and global legal requirements

It's baked in — and it rises to the occasion. Our global product compliance team partners with product management and value services teams to ensure our solutions comply with legal requirements anywhere and everywhere our customers are based.

Payment security

Simplified payment security from one place

Payments are embedded in the Coupa platform through trusted payment partners from leading global financial institutions. Coupa also maintains data security certification with PCI DSS.

Compliance standards and certifications

  • SOC 1

    Coupa is SOC 1 compliant on controls relevant to user entities' internal control over financial reporting.

  • SOC 2

    Coupa is SOC 2 compliant on controls relevant to security, availability, and confidentiality.

  • ISO 27001

    Coupa maintains a certified Information Security Management System (ISMS) that conforms to ISO/IEC 27001:2013 requirements.

  • ISO 27701

    Coupa maintains a certified Privacy Information Management System (PIMS) that conforms to the requirements of ISO/IEC 27701:2013.

  • PCI

    Coupa holds Payment Card Industry Data Security Standard (PCI DSS) certification, which safeguards cardholder data.

  • HIPAA

    Coupa is compliant with the Health Insurance Portability and Accountability Act (HIPAA) hosting standards for protecting private health information.

  • FedRAMP Moderate

    Coupa maintains a FedRAMP (Federal Risk and Authorization Management Program) Moderate authorization.

  • ITAR/GovCloud

    Coupa complies with the ITAR personnel screening and access authorization procedures for Coupa's GovCloud platform.

  • TISAX

    Coupa is certified with the European Information Security Assessment (ISA) for the automotive industry.

  • APEC PRP

    Coupa conforms to the Asia-Pacific Economic Cooperation (APEC) Privacy Recognition for Processors (PRP) requirements.

  • BSI C5 Certification

    Coupa is audited against the German BSI (Federal Office for Information Security) standard for secure cloud computing (C5).

Security reporting and additional resources

Customers

Learn about customer security

Customers can view additional security program information via the secure Coupa Compass Portal, and download current versions of our audit reports and certifications.

Suppliers

Get supplier support

Visit the Supplier Help Center and FAQs to learn more about security and vulnerability support.

Security researchers

Report technical vulnerabilities

To report vulnerabilities or if you're a security researcher, please review our responsible disclosure policy.
