At CloudPassage, the security, integrity, and the availability of our customers’ applications and data is a top priority. We have implemented a multi-layered security approach that protects systems, services and data against unauthorized use, disclosure, modification, damage and loss.
CloudPassage has been audited against the Service Organization Control (SOC) reporting framework for SOC 2, Type 2. The SOC 2 report is available to customers to meet a wide range of US and international auditing requirements.
The SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the criteria for the security principle set forth in the AICPA’s Trust Services Principles criteria. This report provides additional transparency into CloudPassage security and availability based on a defined industry standard and further demonstrates CloudPassage’s commitment to protecting customer data.
Our PCI DSS 3.2 compliance certifies safe and secure handling of credit card holder information. As overseen by the Payment Card Industry Security Standards Council (PCI SSC), CloudPassage places stringent controls around cardholder data as both a service provider and merchant.
CloudPassage provides managed security services that may assist our customers in securing their environments and/or meeting certain PCI DSS compliance requirements. The CloudPassage Halo service does not store, process, or transmit any cardholder data. Under the PCI Data Security Standards, our services fall into the category of impacting the security of cardholder data and as such, we acknowledge our responsibility to comply with applicable requirements for PCI for our environment. As CloudPassage does not perform hosting services, customers are fully responsible for meeting all PCI DSS requirements within their own environments.
The CSA Security, Trust & Assurance Registry (STAR) is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with. CloudPassage is a CSA STAR registrant and has completed the Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ). The latest version of the CAIQ, aligned to CSA’s Cloud Controls Matrix (CCM) v.3.0.1, provides answer to almost 300 questions a cloud customer or a cloud security auditor may wish to ask of a cloud provider
A CSA STAR Level 1 Questionnaire for CloudPassage is available for download on the Cloud Security Alliance’s website here.