1 of 20
2 of 20
3 of 20
4 of 20
5 of 20
6 of 20
7 of 20
8 of 20
9 of 20
10 of 20
11 of 20
12 of 20
13 of 20
14 of 20
15 of 20
16 of 20
17 of 20
18 of 20
19 of 20
20 of 20

site

doc

blog

success stories

SOC Compliance

At Azion, we consistently strive to enhance our internal security controls to assure our customers that the applications, content, and data running on our Edge Platform are kept safe and available. And in this tradition, Azion receives annual SOC 2 Type 2 and SOC 3 reports, which demonstrate that our security controls are continuously audited over the course of the year.

What are SOC 2 Type II and SOC 3?
What are SOC 2 Type II and SOC 3?

SOC 2 is an auditing procedure developed by the American Institute of Certified Public Accountants (AICPA) to ensure that service providers are taking the necessary steps to maintain data security and privacy. SOC 2 attests to the trustworthiness of services provided by the organization, and it is composed of five “trust service principles” that serve as a backbone for secure data management.

Azion is evaluated on two different trust principles: Security and Availability.

This third-party evaluation assesses our Platform’s ability to prevent unauthorized access, security breaches, and security-related issues that might impact availability.

Azion’s SOC 2 Type 2 attestation applies to our entire Edge Platform, which includes the Edge Application product and its modules (Application Acceleration, Edge Caching, Edge Functions and Load Balancer) and the Edge Firewall product and its modules (DDoS Protection, Network Layer Protection, Web Application Firewall - WAF, and Origin Shield), covering all regions where it is deployed. We invested in the effort to attest our entire Platform for mainly one reason: performance. Flawless experiences demand that apps and data are processed and delivered as close to end users as possible, and certifying less than our entire network and Platform would lead to a performance tradeoff.

Additionally, Azion has gone a step further, gaining SOC 3 attestation for our customers with the most stringent regulatory and compliance needs. The SOC 3 report, attested by the same auditors who verified Azion’s controls for SOC 2 Type 2, outlines information related to Azion’s internal controls for security and availability, and can be obtained by Azion customers by reaching out to their Customer Service Representative.

What this means for our customers

SOC 2 Type 2 and SOC 3 designations can be used to simplify your audits and to ensure the security level of the Azion Edge Platform services you use.

Frequently asked questions

Who performs the independent audit of Azion for its SOC 2 Type 2 and SOC 3 reports?

Azion’s SOC 2 Type 2 and SOC 3 reports covering the Security and Availability trust service principles are generated by KPMG.

How often are the Azion SOC 2 and SOC 3 reports issued?

Azion’s SOC 2 and SOC 3 reports are issued once per year.

Which Azion products and world regions are covered?

Azion’s SOC 2 and SOC 3 reports cover the entire edge platform, which includes the Edge Application product and its modules (Application Acceleration, Edge Caching, Edge Functions and Load Balancer) and the Edge Firewall product and its modules (DDoS Protection, Network Layer Protection, Web Application Firewall - WAF, and Origin Shield), in all regions where it is deployed. Presently we are deployed in six continents.

Does Azion have certificates of SOC 2 and SOC 3 compliance?

There is no certificate of compliance for SOC 2. Rather, qualified third-party assessors produce a report on compliance for the assessed organization, attesting to the trustworthiness of services provided by the organization. For SOC 3, Azion customers with Mission Critical support plans may request a copy of the report through their Customer Service Representative.