Beyond the checkbox: Building trust through compliance, resilience, and continuous improvement

Published on September 4, 2025


Trust and compliance are central to how enterprises evaluate and select digital service providers. As businesses increasingly depend on external platforms to support critical operations, expectations around data protection, security, and business continuity have intensified. 

In fact, 47% of organizations have experienced a breach or attack that involved third-party network access in the previous 12 months. Meanwhile, 82% of compliance leaders report tangible business consequences, from operational disruption to regulatory penalties, due to third-party risk exposure. These figures underscore why trust-driven due diligence is now a strategic imperative. 

Here at Contentful, we treat trust as a strategic priority, and it shapes our approach to compliance, resilience, and security. We strive to embed these principles across our culture and operations, treating security not merely as a technical requirement but as an enabler of safer innovation and reduced organizational friction. 

While there’s always more progress to be made, this mindset helps us stay proactive in managing evolving risks and delivering reliable, enterprise-ready experiences.

Achieving (and maintaining) major milestones

Enterprises look to partners like Contentful for innovation, transparency, reliability, and alignment with evolving regulatory requirements. Our programs combine globally recognized standards with modern technology and automation, creating a control environment that reflects how our customers operate today.

These milestones enhance our ability to meet customer due diligence expectations, reduce procurement friction, and support engagement with enterprise stakeholders. They also reflect Contentful’s commitment to building a mature, trustworthy, and audit-ready security posture. 

SOC 2 Type 2 and SOC 3 Reports

SOC 2 (System and Organization Controls 2) Type 2 is a baseline expectation for enterprises. Where a Type 1 report assesses control design at a single point in time, a Type 2 report validates that our security controls are both well designed and operating effectively throughout an audit period. 

The independent audit confirms that our security, confidentiality, and availability practices operate reliably, giving customers confidence to adopt and grow with Contentful.

To further support transparency, we also publish a SOC 3 report, which provides a publicly accessible summary of our SOC 2 Type 2 attestation.

Read more about SOC 2 Type 2

ISO/IEC 27001

Since initially achieving ISO/IEC 27001 certification, we’ve expanded the scope to include additional business entities and successfully migrated to ISO/IEC 27001:2022, the latest version of the standard. 

Engagement with leading auditors in both the U.S. and Europe, alongside the integration of new acquisitions into a unified program, underscores our commitment to both internal and external assurance. 

This ongoing cycle of audits and program improvements supports the maturity of our information security management system (ISMS).

Read more about ISO/IEC 27001

PCI DSS

While Contentful does not directly process payment card data, we undertake annual PCI DSS (Payment Card Industry Data Security Standard) self-assessments and quarterly vulnerability scans. These efforts give customers who integrate payment flows with our platform additional assurance about the controls around it.

Read more about PCI DSS

TISAX

For industries such as automotive and manufacturing, the TISAX (Trusted Information Security Assessment Exchange) framework provides additional assurance to enterprise customers operating in highly regulated environments. TISAX labels are valid for three years, so Contentful undergoes a TISAX assessment on that cycle, adapting the scope each time to evolving business needs and expectations.

Read more about TISAX

Compliance as culture, not a checkbox

We believe that compliance shouldn’t be driven by a spreadsheet. It’s a strategic enabler of growth, customer trust, and long-term partnership. From executive leadership to new hires, our approach is collaborative, practical, and centered on customer needs. 

At the core of this model is our investment in purpose-built compliance platforms that help us monitor and maintain adherence across multiple frameworks. These tools allow us to apply shared controls consistently, assign direct ownership across functional teams, and ensure clear visibility into the effectiveness of each control. 

The result is an efficient, transparent and accountable system that drives continuous improvement. Compliance is not a regulatory burden, but an opportunity to raise the bar, proactively supporting customer trust and organizational resilience.

Several principles guide our strategy and elevate it to a competitive advantage.

  • Core value alignment: Compliance at Contentful reflects our core values. With a relentless customer focus, we design programs that solve real-world challenges, helping customers meet their regulatory requirements, build trust, and future-proof their operations. While this streamlines procurement, our highest priority is safeguarding our customers and supporting their long-term resilience.

  • Continuous improvement: Our programs evolve alongside emerging standards, threat landscapes, and customer needs. Regular control reviews, ongoing training, and investments in modern tooling keep our practices practical and future-ready. It's not just about adding updates, but about meeting customers where they are, and anticipating where they're going.

  • Leadership engagement: Executive and founder involvement ensures security and compliance are treated as ongoing, strategic imperatives. This shapes investments, risk management, and how we deliver trust as part of our platform vision.

Taken together, this values-driven approach protects data and builds stronger partnerships, positioning Contentful as a platform trusted by enterprises, powering next-generation digital experiences across brands, regions, and channels for more than 4,200 organizations worldwide.

Looking forward

So what’s next? Our approach to compliance extends beyond maintaining current certifications. 

We actively monitor international standards, such as ISO 22301, ISO 42001, and ISO 27301, to identify areas of alignment, evaluate control enhancements, and assess future opportunities for attestation where it supports our customers and business strategy. 

While not all frameworks will result in formal certification, we examine where our existing controls already align, or where we can make improvements, to provide equivalent assurance and build trust with our customers.

We also track customer signals related to new compliance expectations, enabling us to respond to inquiries with transparency and confidence. In parallel, we continuously assess evolving global regulations to ensure our programs remain relevant, practical, and supportive of enterprise customers operating in complex environments. 

Attestations remain a critical part of our strategy, to independently validate the strength of our controls — both for ourselves and for our customers.

Commitment to customers and continuous improvement

Contentful’s compliance journey is defined by continuous learning, strategic investment, and a commitment to building trust-based partnerships. We’ve built a strong, technology-powered foundation and are now scaling with intelligent, adaptive capabilities that raise the bar for enterprise trust. 

This is how we think about compliance: not as a narrow obligation or checkbox, but as a strategic, customer-centric function embedded across our platform and culture. It’s a vehicle for transparency, a catalyst for cross-functional accountability, and a tool for continuous improvement. As risks evolve, so will we, with the same rigor, responsiveness, and clarity that our customers expect.

To learn more about our commitment to security and compliance, we invite you to review our Security Addendum.


Meet the authors

Claire Phipps

Director of Business Resilience & GRC

Contentful

Claire is the Director of Business Resilience & GRC at Contentful. With over 20 years of experience in Governance, Risk, and Compliance, she leads global initiatives across ISO 27001, ISO 22301, SOC 2, PCI DSS, and TISAX frameworks. She's passionate about driving meaningful compliance, with a strong focus on quality, effectiveness, and audit-ready outcomes. Her approach emphasizes practical implementation, cross-functional engagement, and embedding security and resilience into how teams work — and believes everything, including GRC, is better with dogs.
