1Password: Security & Privacy Assessment Resources

At 1Password we use the assessment and customer trust platform Conveyor to offer our customers the easiest possible access to documents and documentation relevant for assessing the privacy and security characteristics of our software, services, and our operations.

Public profile for 1Password at Conveyor

Our SOC 2 Type II report can be downloaded from our public room on Conveyor without requesting access. It is under the Featured Documents section at the top of the page.

On the public profile page you are going to find:

• SOC 2 Type II report
• ISO 27001, 27017, 27018, 27701 Certificates
• CAIQ 4.0.2
• SIG Lite 2023
• 1Password VPAT
• Basic information about our security design
• Access to the 1Password Security White Paper and our current sub-processor list
• The Conveyor Trust Transparency Score
• A breakdown of our security and privacy stance, as determined by Conveyor
• Answers to a host of questions you may have about 1Password

By requesting access to the 1Password room on Conveyor, you will also be able to access:

• SIG Core 2021-22
• HECVAT Full (February 2023)
• 1Password Server Architecture Diagram
• Proof Of Insurance
• An extensive database of questions and answers covering characteristics of our platform, our operations, our Secure Development Lifecycle Process, and much more

Independent Security Assessments

Every year, 1Password has approximately 12 penetration tests performed by independent third parties. These test cover a wide range of subjects, including but not limited to our applications, the service architecture, and code reviews. We regularly publish penetration test reports on our public support site: Security audits of 1Password

Bug Bounty Program

1Password works with HackerOne to reward researchers who identify accepted vulnerabilities. We increased the maximum payout to USD 1,000,000.— in March of 2022.