Compliance at Aqua

The Aqua Security compliance program aims to meet our customers compliance needs. We undergo independent third-party audits and certify our company, products, and services against ISO/IEC 27001:2022, SOC 2 Type II and more.

Compliance at Aqua

FedRAMP®
Aqua is officially authorized at the highest impact level, meeting over 400 security controls and standards. This authorization confirms that our solution adheres to the rigorous security requirements necessary to protect the federal government’s most sensitive unclassified data in cloud computing environments.

See on the FedRAMP Marketplace

ISO 27001
Aqua Security, our products and services are certified according to the ISO/IEC 27001:2022 standard. This means that our internal ISMS (Information Security Management System) fulfills the strict requirements of the international standard, which encompasses confidentiality, integrity and availability of information.
ISO 27701
Aqua Security is ISO/IEC 27701:2019 certified, reflecting our adherence to international standards for privacy information management. This certification extends our ISO/IEC 27001 framework to include robust controls for processing and protecting personally identifiable information (PII), ensuring compliance with global data protection regulations such as GDPR.
ISO 27017
Aqua Security is ISO/IEC 27017:2015 (Cloud service security) certified, highlighting our compliance with stringent international standards for cloud security. This certification validates our robust controls and practices to ensure the confidentiality, integrity, and availability of customer data in cloud environments.
ISO 27018
Aqua Security is ISO/IEC 27018:2019 (Privacy protection in the cloud) certified, demonstrating our compliance with international standards for protecting personal data in the cloud. This certification underscores our commitment to handling personal information with the highest standards of confidentiality, security, and privacy, ensuring trust and compliance for our customers.
ISO 42001
Aqua Security is ISO/IEC 42001 certified, reflecting our adherence to the international standard for Artificial Intelligence Management Systems (AIMS). This certification demonstrates our structured approach to governing AI technologies through defined policies, risk management processes, accountability frameworks, and continuous monitoring. It reinforces our commitment to responsible AI development and use, ensuring transparency, security, and ethical considerations are embedded throughout the AI lifecycle. By aligning with ISO/IEC 42001, Aqua strengthens its ability to manage AI-related risks through a comprehensive and systematic governance framework.
SOC 2 Type II
Aqua Security undergoes SOC 2 audit on the annual basis. The audit includes the examination of the company as a whole and Aqua Security services and products. Each audit reviews and validates the adequacy of our Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality and Privacy.

Contact us to learn more

CSA STAR Level 1
Aqua Security participates in the Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) Self-Assessment, voluntarily documenting our adherence to CSA's established best practices. Our completed CSA Consensus Assessments Initiative Questionnaire (CAIQ) is published and publicly accessible.

Certification details

Environmental, Social & Governance (ESG)
Our commitment to Environmental, Social, and Governance (ESG) principles reflects our responsibility to operate ethically, reduce our environmental impact, support our people and communities, and uphold strong governance standards. We approach ESG with the same integrity and care we bring to protecting our customers’ cloud environments - proactively, transparently, and with long-term impact in mind.

Aqua ESG Policy

Compliance FAQs
What does ISO 27001 certification mean?

ISO 27001 focuses on establishing, implementing, maintaining, and improving an information security management system (ISMS). It is the best-known compliance standard within the ISO/IEC 27000 family of standards, which covers the overall safety of information assets. By maintaining compliance with ISO 27001 controls, an organization of any size in any business sector can help protect digital information such as intellectual property, financial information, employee details, and more. During the certification process our organization was assessed end-to-end, including but not limited to the processes related to: Information Security, IT, Human Resources, R&D, Q&A, DevOps & Site Resilience Engineering, Support, Administration and others. Achieving the ISO 27001 certification for Aqua Security was the result of methodical effort and involvement of every Aqua team member around the globe. We are constantly challenging ourselves to improve our services and provide the highest security and user privacy standards to meet and exceed our customers’ needs and expectations. Important to mention, that as a cloud-native company, our cloud providers and partners comply with the standard, which makes our services, products and solutions ISO 27001 certified end-to-end.

What does ISO 27017 certification mean?

ISO/IEC 27017 demonstrates Aqua Security’s adherence to the highest cloud security standards. This certification validates our robust cloud security practices, including risk management, data confidentiality, and operational integrity. It reflects our commitment to delivering secure, resilient solutions and continuously improving our security measures.

What does ISO 27018 certification mean?

ISO/IEC 27018 highlights Aqua Security’s commitment to protecting customer privacy and safeguarding personal data in the cloud. This certification verifies our stringent practices for ensuring the confidentiality and privacy of personally identifiable information (PII). It reinforces our dedication to upholding the highest data protection standards and maintaining customer trust.

What is SOC 2 Type II?

Defined by the American Institute of Certified Public Accountants (AICPA) and intended for use by service organizations (organizations that provide information systems as a service to other organizations). SOC 2 – describes Trust Services Criteria; Type II – describes a service organization’s systems and whether the design of specified controls meets the relevant trust principles and addresses the operational effectiveness of the specified controls over a period of time. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.

Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Policy | Your Privacy Choices |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links