> ## Documentation Index > Fetch the complete documentation index at: https://docs.polygon.technology/llms.txt > Use this file to discover all available pages before exploring further. # Security reports > Public security audits, penetration tests, and certifications for Polygon infrastructure and applications. The following lists the latest available public external assessments and certifications. For questions about security assessments, [contact the security team](/tools/security/contact/). ## Certifications ### ISO/IEC 27001:2022 Polygon Labs has been certified since March 2024. **Certificate:** Schellman Certificate Directory (search for "Polygon Labs") **Scope:** The ISO/IEC 27001:2022 certification covers the information security management system (ISMS) supporting Polygon Labs' business of designing and developing blockchain scaling and interoperability solutions, including Polygon PoS Chain, Polygon CDK, and Agglayer, in accordance with the statement of applicability, version 1.3, dated October 6, 2025. *** ## Polygon PoS chain ### Bor and Heimdall | Auditor | Type | Report | | ---------------- | -------------- | ---------------------------------------------------------------------------------------------------------------- | | Informal Systems | Security audit | View on GitHub | ### Bridge and staking contracts | Auditor | Type | Report | | -------- | --------------- | --------------------------------------------------------------------------------------------------------------------------------------- | | Multiple | Security audits | PoS Portal audits | | Multiple | Security audits | PoS contracts audits | ### POL token | Auditor | Type | Report | | ------------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------- | | ChainSecurity | Security audit | View on GitHub | | SigmaPrime | Security audit | View on GitHub | *** ## Agglayer ### Agglayer smart contracts | Auditor | Type | Report | | ----------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | | Sigma Prime | Security audit | View on GitHub | | Hexens | Security audit | View on GitHub | | Spearbit | Security audit | View on GitHub | *** ## CDK Most CDK components have been reviewed as part of zkEVM's audits. | Component | Auditor | Type | Date | | -------------- | --------- | ---------------- | ---------- | | Bridge service | Cobalt.io | Penetration test | March 2025 | | Bridge UI | Cobalt.io | Penetration test | March 2025 | *** ## Zero | Auditor | Type | Report | | --------------- | -------------- | -------------------------------------------------------------------------------------------------------------------------------- | | Least Authority | Security audit | View on GitHub | *** ## zkEVM | Auditor | Type | Date | Report | | ---------- | --------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------ | | Verichains | zkEVM-Rom audit | January 2023 | View on GitHub | | Hexens | Security audit | N/A | View on GitHub | | Spearbit | Security audit | N/A | View on GitHub | *** ## Related resources * [Bug bounty programs](/tools/security/bugbounty/): Report vulnerabilities and earn rewards * [Responsible disclosure](/tools/security/disclosure/): How to report security issues * [Security overview](/tools/security/overview/): Polygon Labs' security practices