dbt Labs expands ISO certifications

dbt Labs has expanded its security and compliance portfolio with three additional ISO certifications: ISO 27017:2015, ISO 27018:2025, and ISO 42001:2023. These certifications complement our existing ISO 27001:2022 and ISO 27701:2019 certifications to reinforce our commitment to the highest standards of security, privacy, and now artificial intelligence governance.

These certifications represent a significant evolution in how dbt Labs protects your data and AI workflows. We're providing you a unified security, privacy, and AI governance framework. This means you can use dbt's cloud services and AI features knowing that specialized controls protect your data operations, ensure responsible AI use, and meet your privacy obligations; all verified by independent auditors to international standards.

New ISO certifications

ISO 27017:2015

This certification provides guidelines for information security controls applicable to cloud services to secure your data in cloud environments. It extends the existing ISO 27001 framework with cloud-specific security controls, ensuring that our cloud service delivery meets international best practices.

ISO 27018:2025

This standard focuses specifically on protecting personally identifiable information (PII) in public cloud environments. By achieving this certification, we confirm our adherence to a comprehensive set of controls designed to protect your sensitive data and maintain privacy in cloud services.

ISO 42001:2023

ISO 42001:2023 is the world's first international standard for Artificial Intelligence Management Systems (AIMS), providing a comprehensive framework for organizations to develop, deploy, and manage AI systems responsibly.

This certification demonstrates that dbt Labs has implemented:

• Structured AI governance with clear policies, procedures, and accountability for AI systems
• Risk management frameworks specifically designed to identify and mitigate AI-related risks
• Ethical AI principles to ensure fairness, transparency, and explainability in our AI implementations
• Continuous monitoring of AI systems to ensure they perform as intended and remain aligned with our values
• Stakeholder engagement processes to consider the impact of AI on customers, employees, and communities

This means dbt Copilot AI-powered features—including context-aware code generation, documentation assistance, and intelligent recommendations, and AI-assisted workflow automation—are developed and deployed with rigorous governance controls.

We've established clear guidelines for AI development, regular audits of AI system performance, and mechanisms to address potential biases or unintended consequences.

What this means for dbt customers

These expanded certifications provide several key benefits:

• Enhanced cloud security with specialized controls designed for cloud service environments
• Stronger privacy protections for personal data processed in dbt’s cloud infrastructure
• Responsible AI governance ensuring ethical and transparent use of artificial intelligence in the features you rely on daily
• Confidence in AI features knowing that dbt AI capabilities are subject to rigorous oversight and ethical standards
• Simplified compliance for your organization when using dbt, particularly as AI regulations evolve globally
• Independent verification of dbt’s security, privacy, and AI governance practices by accredited third-party auditors
• Transparency and accountability in how we develop, deploy, and monitor AI systems that impact your workflows

ISO 42001 certification ensures that dbt Labs is not just innovating rapidly, but doing so responsibly. Our customers can trust that AI features in the dbt platform are built with safeguards against bias, designed with explainability in mind, and continuously monitored for performance and ethical alignment.

Our ongoing security journey

These new certifications represent important milestones in our security journey, but our commitment doesn't end here. dbt Labs continues to invest in robust security measures including:

• Regular independent security assessments and penetration testing
• Our active vulnerability disclosure program
• Ongoing SOC2 Type II, GDPR, CCPA compliance
• Continuous improvement of our security processes and technologies
• Regular AI system audits and ethical reviews to maintain ISO 42001 standards

We're ensuring that you can continue to use the dbt platform with confidence, knowing that your data is protected by security, privacy, and AI governance controls that meet the highest international standards.

For more information about our security practices and certifications, please visit our security page.