Coupa Trust

Success begins with relationships based on trust

Coupa earns your trust through our five Trust Pillars

Coupa includes security at all levels of our technology and operations from the very beginning of the product development lifecycle. Our commitment is to invest in the technology, people, and processes that ensure the data you've entrusted to us is safe, secure, and totally private.

Review our responsible disclosure policy below.

Security

Coupa participates in various compliance audits while also maintaining multiple certifications and attestations.

Compliance

Coupa has an ISO 27701 and APEC PRP certified global privacy program to support our customers' compliance efforts and to meet the expectations of key stakeholders. Our privacy program is integrated into our Enterprise Risk Management process together with all other significant compliance domains, and it is aligned with the GRI and SASB sustainability reporting standards, as we view data privacy as a fundamental human right.

Privacy

Coupa’s Global Product Compliance team partners with Product Management and Value Services to ensure our customers' BSM solutions are compliant with mandatory legal requirements, both regional and global.

Our team’s activities align strongly with Coupa’s core values by ensuring customer success and striving for excellence. See below to learn more about one example of how Global Product Compliance supports the BSM from an Invoicing perspective.

Product Compliance

Coupa is building a community of inspired employees, customers, suppliers, and partners who share our belief in the power of spend to drive positive impact for businesses, society, and the planet. Through Coupa’s Environmental, Social, and Governance (ESG) initiatives, Coupa is committed to advancing sustainable business practices and driving positive impact for our customers and communities.

ESG

Technical Vulnerability Management

The Security Operations Center (SOC) oversees vulnerability management and is responsible for monitoring application and system vulnerabilities. To report vulnerabilities, reach out below:

Customers

Customers can reference additional security program information via the Secure Coupa Compass Portal.


Prospects and Partners

Prospects and partners, please reach out to your account manager or partner representative.


Security Researchers

If you're a security researcher or want to report vulnerabilities, please review our responsible disclosure policy.

Responsible Disclosure Overview

Compliance

SOC 1

Coupa is SOC 1 compliant on controls relevant to User Entities’ Internal Control Over Financial Reporting.

SOC 2

Coupa is SOC 2 compliant on controls relevant to Security, Availability, and Confidentiality.

ISO 27001

Coupa maintains a certified Information Security Management System that conforms to the requirements of ISO/IEC 27001:2013.

ISO 27701

Coupa maintains a certified Privacy Information Management System (PIMS) that conforms to the requirements of ISO/IEC 27701:2013.

PCI

Coupa holds the Payment Card Industry Data Security Standards (PCI DSS) certification, which safeguards cardholder data.

HIPAA

Coupa is compliant with the Health Insurance Portability and Accountability Act (HIPAA) hosting standards for protecting private health information.

FedRAMP Moderate

Coupa maintains a FedRAMP (Federal Risk and Authorization Management Program) Moderate Authorization.

ITAR/GovCloud

Coupa complies with the ITAR Personnel Screening and Access Authorization procedures for Coupa’s GovCloud Platform.

TISAX

Coupa is certified with the European Information Security Assessment (ISA) for the Automotive Industry.

APEC PRP

Coupa conforms to the Asia Pacific Economic Cooperation (APEC) Privacy Recognition for Processor (PRP) Requirements.

BSI C5 Certification

Coupa is certified with the German BSI (Federal Office for Information Security) for secure cloud computing (C5).