2121/24, 641 PM ‘Trust -Coupa s3coupa ‘COUPA TRUST Success begins with relationships based on trust Coupa earns your trust through our five Trust Pillars Security Compliance Privacy Product Compliance ESG Intps:twww-coupa.comicompanyitust 182121/24, 641 PM Trust -Coupa #,ecoupa and operations from the very beginning of the product development lifecycle. Our commitment is to invest in the technology, people, and processes that ensure the data you've entrusted with us is safe, secure, and totally private. Review our responsible disclosure policy below Our Responsible Disclosure Policy > hitps www. coupa.comcompanyhrust Technical Vulnerability Management The Security Operations Center (SOC) oversees vulnerability management and is responsible for monitoring application and system vulnerabilities. To report vulnerabilities, reach out below: Customers a Customers can reference additional security program information via the Secure Coupa Compass Portal Learn More > Prospects and Partners v Suppliers v 2182121/24, 641 PM #,ecoupa soci Coupa is SOC 1 compliant on controls Relevant to User Entities’ Internal Control Over Financial Reporting. hitps www. coupa.comcompanyhrust Trust -Coupa Compliance soc2 Coupa is SOC 2 compliant on controls relevant to Security, Availability, and Confidentiality. IsO 27001 ‘Coupa maintains a certified Information Security Management ‘System that conforms to the requirements of ISO/IEC 27001:2013. Iso 27001 ¢ DH ICERTIFIED| » schellman 382121/24, 641 PM #,ecoupa Coupa maintains a certified privacy Information Management ‘System (PIMS) that conforms to the requirements of ISO/IEC 27701:2013. Iso 27701 Lf FedRAMP Moderate ‘Coupa maintains a FedRAMP (Federal Risk and Authorization Management Program) Moderate Authorization. Trust -Coupa Coupa is certified with the Payment Card Industry Data Security Standards (PCI Dss) certification, which safeguards cardholder data. Secuity, Sindatde Cound ITAR/GovCloud Coupa complies with the ITAR Personnel Screening and Access Authorization procedures for Coupa’s GovCloud Platform. Coaren a aeme) Coupa is compliant with the Health Insurance Portability and Accountability Act (HIPAA) hosting standards for Protecting Private Health Information, HIPAA TANT TISAX Coupa is certified with the European Information Security Assessment (ISA) for the Automotive Industry. TISAX’ APEC PRP Coupa conforms to the Asia Pacific Economic Cooperation (APEC) Privacy Recognition hitps www. coupa.comicompanyhust BSIC5 Certification Coupa is certified with the German BSI (Federal Office for Information Security) for secure 482121/24, 641 PM ‘Trust -Coupa coupa BY Sessa APEC PRIGACY Home / Trust Products Solutions Customers Resources Partners Services Company Careers News Initiatives f§ X nm og G Why Coupa Need to get in touch? (Contact Us. #,3coupa Intps:twww-coupa.comicompanyitust2121124, 8:41 PM ‘Trust -Coupa scoupa Intps:twww-coupa.comicompanyitust