Learn More About How Perforce Approaches Data Security for Its Customers
A core guiding factor in everything that we do is to ensure that our security is robust and included at the beginning of design. This shapes not only how we protect the security and privacy of our systems, networks, services, and data, but that of our customers as well.
To enforce security, we operate under several guiding principles that let us address security and privacy effectively.
How We Handle Security Regulations and Compliance
SOC 2 Type 2
Perforce undergoes a SOC 2 Type 2 examination of our security controls against the AICPA-defined standards on an annual basis with a third-party audit firm to ensure the security of our platform and its supporting infrastructure. As of the most recent examination, a number of Perforce products are SOC 2 Type 2 compliant.
Privacy-Related Data Mapping and Protections
Perforce is committed to ensuring ongoing compliance with privacy-related data mapping guidelines, including:
General Data Protection Regulation (GDPR)
The GDPR extends the reach of the European Union’s data protection laws and establishes many new requirements for organizations that fall under its scope.
California Consumer Privacy Act (CCPA)
The CCPA is a state law that provides consumer privacy rights and protections for residents of the state of California.

How We Handle Security and Compliance Requests
GDPR Data Subject Request
A key aspect of the General Data Protection Regulation (GDPR) is the ability for people to make requests about how their data is stored, ask to be forgotten, or retrieve a copy of identifiable data related to them.
Perforce does not collect this information about our customers or our customers’ customers; however, on occasion, this data is necessary for business. To make a GDPR-related personal data request, contact us via email.
Perforce Vulnerability Reporting and Coordinated Disclosure Policy
Perforce supports coordinated disclosure of security vulnerabilities and welcomes reports from security researchers on issues found in Perforce products and in Perforce-distributed packages or infrastructure.
To report a vulnerability, contact the Perforce security team at [email protected].
We credit security researchers based on the value of the contributions they provide. The Perforce Security team reviews each disclosure and assigns a scored value based on the relevance of the disclosure. These scores are calculated quarterly, and the top-scoring individuals are publicly credited on our website. Additional credit will be awarded to individuals who provide code fixes or additional information about how to fix the vulnerability.
Thank you for supporting Perforce's coordinated disclosure process!
Out-of-Scope
- Software version or banner disclosures
- Directory traversal on yum, apt, or downloads where traversal is explicitly desired
- Self-XSS or CSRF on unauthenticated web forms (including logout CSRF)
- Disclosure or discovery of known public files or directories (for example, robots.txt, simple DNS enumeration)
- Brute force attempts (for example, log-in and forgot password pages don't have lockouts)
- Account enumeration (for example, enumerating login or reset fields for valid accounts without lockouts)
- Email spoofing possibilities. Suggesting turning on SPF, DMARC, or DKIM isn't welcome, though specific issues with those configurations are.

Led by CISO Aaron Kiemele
As the guide for the ongoing maturation of the information security program, Aaron Kiemele is the Chief Information Security Officer (CISO) at Perforce Software. With a technical foundation, Aaron approaches managing an information security program with practical, actionable methods for protecting the confidentiality, integrity, and availability of systems, networks, services, and data.
Aaron’s experience ranges from network engineering to executive leadership roles — including CTO and CISO — in highly regulated industries, including healthcare, government, defense, and payment/finance.
With a “Secure by Design and Compliant by Default” approach, Aaron and his team guide the diverse Perforce product lines through their compliance and regulatory obligations. This work is performed with the help of designated liaisons each time, acting as subject matter experts and points of contact to provide tactical support.
Contact Us
Contact us to get your Perforce security and compliance questions answered.