SOC Compliance
Azion consistently strives to enhance internal security controls to assure customers that the applications, content, and data running on Azion Edge Computing Platform are kept safe and available. In this tradition, Azion receives biannual SOC 2 Type 2 and SOC 3 reports, which demonstrate that the security controls are continuously audited over the course of the year.
What are SOC 2 Type II and SOC 3?
SOC 2 is an auditing procedure developed by the American Institute of Certified Public Accountants (AICPA) to ensure that service providers are taking the necessary steps to maintain data security and privacy. SOC 2 attests to the trustworthiness of services provided by the organization, and it’s composed of five “trust service principles” that serve as a backbone for secure data management.
Azion’s evaluation
Azion is evaluated on two different trust principles: Security and Availability.
This third-party evaluation assesses the platform’s ability to prevent unauthorized access, security breaches, and security-related issues that might impact availability.
Azion’s SOC 2 Type 2 attestation applies to the entire Azion Edge Computing Platform, which includes the Edge Application product and its add-ons (Application Accelerator, Edge Cache, Edge Functions, and Load Balancer) and the Edge Firewall product and its add-ons (DDoS Protection, Network Layer Protection, Web Application Firewall - WAF, and Origin Shield), covering all regions where it’s deployed. Azion invested effort into attesting the entire Platform for mainly one reason: performance. Flawless experiences demand that apps and data are processed and delivered as close to end users as possible, and certifying less than the entire network and Platform would lead to a performance tradeoff.
Additionally, Azion has gone a step further, gaining SOC 3 attestation for customers with the most stringent regulatory and compliance needs. The SOC 3 report, attested by the same auditors who verified Azion’s controls for SOC 2 Type 2, outlines information related to Azion’s internal controls for security and availability, and can be obtained by Azion customers by reaching out to the Azion Support Team.
What this means for Azion customers?
SOC 2 Type 2 and SOC 3 designations can be used to simplify your audits and to ensure the security level of the Azion Edge Computing Platform services you use.
Frequently asked questions
- Who performs the independent audit of Azion for its SOC 2 Type 2 and SOC 3 reports?
Azion’s SOC 2 Type 2 and SOC 3 reports covering the Security and Availability trust service principles are generated by third-party assessors.
- How often are the Azion SOC 2 and SOC 3 reports issued?
Azion’s SOC 2 and SOC 3 reports are issued annually. Customers with Enterprise or Mission Critical Service Plans can reach out to the Azion Support Team to request more information.
- Which Azion products and world regions are covered?
Azion’s SOC 2 and SOC 3 reports cover the entire edge platform, which includes the Edge Application product and its add-ons (Application Accelerator, Edge Cache, Edge Functions, and Load Balancer) and the Edge Firewall product and its add-ons (DDoS Protection, Network Layer Protection, Web Application Firewall - WAF, and Origin Shield), in all regions where it’s deployed. Presently, Azion is deployed on six continents.
- Does Azion have certificates of SOC 2 and SOC 3 compliance?
There is no certificate of compliance for SOC 2. Rather, qualified third-party assessors produce a report on compliance for the assessed organization, attesting to the trustworthiness of services provided by the organization. For SOC 3, Azion customers with Mission Critical support plans may request a copy of the report through the Azion Support Team.