Trust Centre

Explore how Pure Storage safeguards data with robust security controls, certifications, and proven compliance leadership.

Product security resources

Security bulletins

Get the latest updates on security vulnerabilities and incidents, including detailed impact analysis and resolutions.

CVE database

Access our centralized repository of product vulnerabilities (CVEs) with associated impact assessments and fixes.

Vulnerability disclosure policy

Learn how to responsibly report potential security vulnerabilities and how our team manages and responds to disclosures.

Report a security issue

Submit security vulnerabilities or incidents to the Pure Storage security team for prompt review and resolution.

Product support and security resources

Product support

Find answers to your technical questions and learn how to use our products.

Product security

Explore product security resources, including the CVE database, security bulletins, certifications, customer security support, and more.

Featured security resources and insights

PRESS RELEASE
Pure Storage Expands Cyber Resilience Innovations

Introducing new cyber-resilience capabilities that strengthen data protection, accelerate recovery, and help organisations defend against evolving threats.

Learn More
BLOG
Are You Making Any of These Mistakes with Your Log Analytics?

Security log analytics is pretty much SecOps table stakes. Learn how to avoid common mistakes that can prevent you from leveraging this goldmine.

Read the Blog
BLOG
Cyber-ready AI: Why Enterprise AI Security Can’t Stay in the Sandbox

Learn more about security-first storage and how it can scale with enterprise needs and evolving threats.

Read the Blog
BLOG
5 Ways Enterprise Data Cloud Improves Cyber Resilience

Boost resilience with Pure Storage’s Enterprise Data Cloud—unified storage, automated protection, and cleanroom recovery.

Read the Blog
BLOG
How Zombie Accounts Threaten Enterprise Security

Learn about “zombie” identities, or non-human identities (NHIs), and how you can manage them.

Read the Blog
BLOG
Security Simplified: Actionable CVE Updates

Organisations must be able to rapidly understand, assess, and mitigate vulnerabilities. See how Pure Storage can help.

Read the Blog
Security assurance

Connected detection

Stay ahead of threats with native detection, tightly integrated to SecOps, for automated remediation.

Data availability with layered resilience

Safeguard data with SafeMode™ Snapshots, fast recovery, and redundancy for cyber resilience.

Governance and continuous assurance

Explore how Pure Storage unites risk, compliance, and monitoring to meet global standards like ISO 27001, OMB M-22-18, and NIST SP 800-218A.

Data and privacy protection

Learn how we protect privacy with data minimization, encryption, and GDPR/CCPA compliance.

Embedded security in the development lifecycle

Read how we build security into SSDLC (Secure Software Development Lifecycle) with secure coding, threat modeling, and continuous vulnerability testing.

FAQ

People also ask:

1. Do you undergo regular third-party security audits or penetration testing?

The security team partners with reputable third-party security firms to perform specialized penetration tests across our infrastructure, products, and services, including Pure Storage FlashArray™, FlashBlade®, and cloud environments on an annual basis. Tests cover web applications, product features, code reviews, and threat modeling, thereby driving a robust security posture. Penetration test reports can be made available to customers upon request, subject to a mutual non-disclosure agreement (NDA).

2. How is access to customer data restricted and monitored?

Pure Storage does not process, store, or transmit customer data. Arrays are on-premises storage platforms that remain under the customer's control. However, we do receive system health and telemetry data, which is stored in Pure1.

3. How do you encrypt data at rest and in transit?

All data is encrypted with AES 256-bit encryption. This encryption is done at the firmware level and is not hardware dependent. Our data encryption occurs without impact on performance and while maintaining full data reduction capabilities. 

FlashArray and FlashBlade encryption are FIPS 140-3 certified, NIST compliant, NIAP/Common Criteria validated, and PCI-DSS compliant. The efficacy of our data encryption and data erasure have been validated by Kroll OnTrack, one of the industry’s leading security firms.

4. How do you detect, respond to, and communicate security incidents or breaches?

Pure Storage detects security incidents through continuous monitoring of all arrays, which report back to the Pure1® cloud-based monitoring system every 30 seconds with detailed telemetrics and every hour with a full activity log. This real-time data enables proactive identification and resolution of issues. The Incident Response Program promptly identifies, declares, and responds to security incidents, managed by our Security Operations team. 

In the event of a confirmed security incident or data breach, Pure Storage notifies customers in writing no later than 72 hours after becoming aware of the incident, including incidents where data is accessed by or disclosed to an unauthorized party, and follows an established Incident Response Procedure as per contractual agreements.

5. Do you support Single Sign-On (SSO), MFA, or integration with identity providers (Okta, Azure AD, etc.)?

Yes. Pure Storage supports Single Sign-On (SSO) as the primary application portal, which requires multi-factor authentication (MFA). Multi-factor authentication is supported via RSA SecurID, and all applications published by Pure Storage IT require MFA. Pure1 provides SSO using SAML and can be integrated with the customer's Identity Provider. Purity OE supports SAML2-based SSO integration with Microsoft Active Directory Federation Services (AD FS), and SSO integration can optionally include MFA such as through a certificate or Microsoft Azure authentication. FlashArray supports SAML 2.0, LDAP, and Active Directory integration for authentication and role-based access control. Administrative accounts can be integrated with Microsoft Active Directory or OpenLDAP, enabling granular administration and role assignment.

Committed to your protection

Join the Pure Storage community

The Pure Storage Community connects customers, partners, and experts to share knowledge, get support, and learn together.

Contact us

Contact the Pure Storage Security team for questions, concerns, or reports related to security vulnerabilities, incidents, or disclosures.

SOC 2 Type II Request Form