TrustAtlas Procurement Pack
← Full vendor profile   

Snowflake

integrator · United States , Bozeman · founded 2012 · SNOW

Employees: 5000+ · Stage: Public

24.4
moderate
default-balanced
composite score

Cloud data platform with Cortex AI, providing LLM-powered SQL functions, document processing, and AI assistants that operate directly on data warehouse content. Integrates frontier models alongside open-source models for enterprise AI workflows.

Analyst summary
Snowflake Cortex AI runs LLMs (Meta Llama, Mistral, and others) inside Snowflake's secure perimeter, meaning customer data never leaves the customer's account to reach an external LLM provider. This is a strong data-governance story, backed by FedRAMP High (GovCloud), HIPAA BAA, and HITRUST. The 2024 credential-stuffing incident is a reminder that MFA enforcement is critical.
The strongest enterprise AI story for data-warehouse-resident workloads; MFA enforcement is table stakes.
Rating: recommended

Compliance posture

SOC 2 Type IIYes (report 2025-06-01)
ISO 27001Yes
ISO 42001 (AI management system)No / not disclosed
FedRAMP authorizedYes (High)
GDPR compliantYes
CCPA compliantYes
HIPAA compliantYes
NIST AI RMF alignedYes
CSA STAR certifiedYes
EU AI Act classificationlimited_risk

Data handling

Trains on user datano
Outputs feed model improvementno
Data retention periodCustomer controls data lifecycle; Cortex AI queries are transient
Can delete user data on requestYes (SLA 30 days)
Default data residencyUS
Encryption at restYes (AES-256 / TLS 1.2+ / Tri-Secret Secure customer-managed keys)
Encryption in transitYes
DPA availableYes
Public subprocessor listYes
HIPAA BAA availableYes

IP profile

User owns outputsyes
Vendor claims output rightsNo / not disclosed
Input IP protectionstrong
Indemnification offeredNo / not disclosed
Copyright shield programNo / not disclosed
Commercial use permittedYes
Training data provenancenot_applicable
Known IP lawsuitsNo / not disclosed

Jurisdiction

Incorporation countryUS
Incorporation jurisdiction risklow
Subject to US jurisdictionYes
Subject to EU jurisdictionYes
Subject to China jurisdictionNo / not disclosed
Subject to Russia jurisdictionNo / not disclosed
Government data access riskmoderate
Five Eyes alignedYes
Adequate privacy jurisdictionNo / not disclosed

Governance

Publishes model cardsNo / not disclosed
Publishes transparency reportsYes
Has AI ethics boardNo / not disclosed
Safety testing disclosedYes
Red-teaming programNo / not disclosed
Government contractsYes
Responsible-AI policyhttps://www.snowflake.com/en/legal/snowflake-ai-acceptable-use-policy/
Terms of servicehttps://www.snowflake.com/legal/
Privacy policyhttps://www.snowflake.com/legal/privacy-policy/

Incidents on record

No incidents on file.

OWASP LLM Top 10 cross-walk

TrustAtlas dimensions that materially address each OWASP risk. Use to translate this vendor's compliance posture and data-handling stance into the application-security vocabulary your security team already uses.

LLM01
Prompt Injection
User-supplied prompts manipulate model behaviour to bypass intended controls.
SecurityTransparencyDependency chain
LLM02
Sensitive Information Disclosure
Models leak PII, PHI, secrets, or proprietary data through outputs.
Data handlingIP exposureJurisdiction
LLM03
Supply Chain
Risk propagates from upstream models, datasets, plug-ins, and vendors.
Dependency chainBusiness stabilitySecurity
LLM04
Data and Model Poisoning
Adversarial training data or fine-tuning input degrades model integrity.
Data handlingTransparencySecurity
LLM05
Improper Output Handling
Downstream systems blindly trust model output, enabling injection downstream.
IP exposureTransparency
LLM06
Excessive Agency
Agents granted overbroad tool, identity, or permission scopes cause harm.
Dependency chainTransparencyJurisdiction
LLM07
System Prompt Leakage
System prompts containing secrets or logic are extracted via crafted input.
Data handlingTransparency
LLM08
Vector and Embedding Weaknesses
Vector stores and RAG pipelines leak or contaminate retrieved context.
Data handlingSecurity
LLM09
Misinformation
Hallucinated, biased, or fabricated outputs treated as authoritative.
TransparencyRegulatory complianceBusiness stability
LLM10
Unbounded Consumption
Cost, denial-of-service, and resource-exhaustion attacks against LLM endpoints.
SecurityBusiness stability

Full framework reference: https://trustatlas.pages.dev/framework/owasp-llm-top-10

NIST AI RMF cross-walk

How each NIST AI RMF function is supported by the dimensions TrustAtlas scores.

GOVERN
Govern
Establish AI governance structure: policies, roles, accountability.
Regulatory complianceJurisdictionTransparencyBusiness stability
MAP
Map
Establish AI context: intended purpose, use cases, capabilities, and risks.
TransparencyDependency chainData handlingIP exposure
MEASURE
Measure
Quantitative + qualitative risk assessment: testing, benchmarks, monitoring.
SecurityData handlingTransparency
MANAGE
Manage
Treat identified risks: mitigation, controls, incident response, lifecycle.
Regulatory complianceSecurityDependency chainBusiness stability

Full framework reference: https://trustatlas.pages.dev/framework/nist-ai-rmf

Cited sources

FieldSource
data_handling.hipaa_baa_available https://www.snowflake.com/trust-center/compliance/hipaa-hitrust/
Verified 2026-04-19 by admin
data_handling.third_party_data_sharing https://docs.snowflake.com/en/user-guide/snowflake-cortex/llm-functions
Verified 2026-04-19 by admin
data_handling.trains_on_user_data https://www.snowflake.com/trust-center/cortex-ai/
Verified 2026-04-19 by admin
governance.security_incidents https://www.bleepingcomputer.com/news/security/snowflake-customer-data-breach-extortion-campaign/
Verified 2026-04-19 by admin
ip_profiles.user_owns_outputs https://www.snowflake.com/legal/customer-relationship-agreement/
Verified 2026-04-19 by admin
jurisdiction_profiles.incorporation_country https://investors.snowflake.com/financials/sec-filings/
Verified 2026-04-19 by admin
security_compliance.fedramp_authorized https://www.snowflake.com/trust-center/compliance/fedramp/
Verified 2026-04-19 by admin
security_compliance.iso_27001 https://www.snowflake.com/trust-center/compliance/
Verified 2026-04-19 by admin
security_compliance.soc2_type2 https://www.snowflake.com/trust-center/compliance/
Verified 2026-04-19 by admin

Questions to ask before signing

Vendor-agnostic baseline. Send these to the vendor and require written answers before contract.

  1. 01. Provide your most recent SOC 2 Type II report (with bridge letter if applicable).
  2. 02. Describe your training-data provenance and customer opt-out mechanics in writing.
  3. 03. List all sub-processors and confirm notification policy for material additions.
  4. 04. Confirm BAA availability and signed-BAA process if we process PHI.
  5. 05. Describe rate-limiting, quota, and circuit-breaker controls protecting our usage.
  6. 06. Provide your model card or equivalent disclosure documenting intended use, limitations, and known failure modes.
  7. 07. Describe your prompt-injection defences and red-team posture against OWASP LLM Top 10 risks.
  8. 08. Confirm data residency options and which sub-regions our data may touch.
  9. 09. Provide incident-response SLAs, security-event notification timelines, and the most recent pen-test report summary.
  10. 10. Confirm output ownership terms and any indemnification or copyright-shield programs available.
  11. 11. Describe acquisition-risk safeguards and what happens to our data on a change of control.
  12. 12. List foundation-model dependencies and how upstream-model risk is mitigated.

Methodology + caveats

Composite scores use the default-balanced weight profile (25% data handling, 20% IP exposure, 15% jurisdiction, 15% security, 10% regulatory compliance, 8% transparency, 5% business stability, 2% dependency chain). All facts are sourced from the vendor's own public disclosures, public regulatory filings, or reputable secondary reporting — see the cited sources table above. This pack is decision-support material, not legal advice or audit evidence.