Compliance at Aqua

The Aqua Security compliance program aims to meet our customers' compliance needs. We undergo independent third-party audits and certify our company, products, and services against ISO/IEC 27001:2013, SOC 2 Type II and more.

ISO 27001

Aqua Security, our products and services are certified according to the ISO/IEC 27001:2013 standard. This means that our internal ISMS (Information Security Management System) fulfills the strict requirements of the international standard, which encompasses confidentiality, integrity and availability of information.

SOC 2 Type II

Aqua Security undergoes a SOC 2 audit on an annual basis. The audit examines the company as a whole as well as Aqua Security services and products. Each audit reviews and validates the adequacy of our Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality and Privacy.

Aqua is in the process of achieving the exclusive high impact authorization, which includes more than 400 security controls and standards, to validate that the solution meets the security requirements necessary to protect the federal government’s most sensitive unclassified data in cloud computing environments.

Compliance FAQs

What is ISO 27001?

The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 163 national standards bodies. ISO 27001 focuses on establishing, implementing, maintaining, and improving an information security management system (ISMS). It is the best-known compliance standard within the ISO/IEC 27000 family of standards, which covers the overall safety of information assets. By maintaining compliance with ISO 27001 controls, an organization of any size in any business sector can help protect digital information such as intellectual property, financial information, employee details, and more.

What does ISO 27001 certification mean?

In short, it means that Aqua Security has a strong information security management system in place. During the certification process our organization was assessed end-to-end, including but not limited to the processes related to: Information Security, IT, Human Resources, R&D, Q&A, DevOps & Site Resilience Engineering, Support, Administration and others. Achieving the ISO 27001 certification for Aqua Security was the result of methodical effort and involvement of every Aqua team member around the globe. We are constantly challenging ourselves to improve our services and provide the highest security and user privacy standards to meet and exceed our customers’ needs and expectations. It is important to mention that, as a cloud-native company, our cloud providers and partners comply with the standard, which makes our services, products and solutions ISO 27001 certified end-to-end.

What is FedRAMP® In Process?

FedRAMP In Process status demonstrates to our community, current customers, and potential clients that we are nearing FedRAMP approval and actively undergoing a stringent government evaluation.

What is SOC 2 Type II?

SOC 2 is defined by the American Institute of Certified Public Accountants (AICPA) and is intended for use by service organizations (organizations that provide information systems as a service to other organizations). SOC 2 describes the Trust Services Criteria; Type II describes a service organization’s systems and whether the design of specified controls meets the relevant trust principles, and addresses the operational effectiveness of the specified controls over a period of time. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.