Security and Privacy Guidelines
General Company Information
Docker, Inc. is a corporation registered in Delaware with its principal place of business in Palo Alto, California. Docker has subsidiaries in multiple countries. Docker and its subsidiaries are collectively described herein as “Docker” or the “Company”.
Organizational Security Measures
Global IT & Security Policy – Docker maintains a Global IT and Security Policy which is applicable to all of its employees and subsidiaries worldwide. The policy is consistent with all applicable local laws and ensures that employees are responsible for the safeguarding of company property and programs to which they have access.
Confidential Information – Docker employees are expected to respect and protect confidential information of the Company as well as any such information it may have as a result of a business relationship.
Physical and Technical Security Measures
Docker does not operate its own servers or networks. Docker relies on Amazon Web Services for its storage requirements; that storage is located in Virginia, USA. Docker utilizes third-party application providers such as Google, GitHub, Dropbox and Salesforce for its business requirements; it does not operate its own network for these applications or for the storage associated with them. Docker utilizes appropriate access controls for these applications, including multi-factor authentication as well as the services of single sign-on provider Okta. Employees only have access to information for which there is a specific need to know. Docker operates its business on a fully remote, distributed basis and does not maintain any physical office locations.
Data Privacy and Security
Third Party Review
Docker does not act as a system of record for any of its customers and has not engaged any third party for any SOC compliance or similar review. The Company does have its financial statements audited annually. Docker is a private company and its financial information is company confidential information.
Software Development and Lifecycle
Docker has implemented and maintains a secure software development life cycle for all applications which integrate with its environment or are developed on its behalf. Docker observes industry-standard application security guidelines such as those of the Open Web Application Security Project (OWASP). Docker ensures that (a) regular reviews of application source code occur, (b) developers receive detailed coding and design training in application security, and (c) development, testing, production and operational facilities are separated to reduce the risk of unauthorized access or changes to the production and operational systems.