Compliance at Aqua

The Aqua Security compliance program aims to meet our customers' compliance needs. We undergo independent third-party audits and certify our company, products, and services against ISO/IEC 27001:2022, SOC 2 Type II and more.


ISO 27001
Aqua Security and its products and services are certified according to the ISO/IEC 27001:2022 standard. This means that our internal ISMS (Information Security Management System) fulfills the strict requirements of the international standard, which encompasses the confidentiality, integrity and availability of information.
ISO 27017 (Cloud service security)
Aqua Security is ISO/IEC 27017:2015 certified, highlighting our compliance with stringent international standards for cloud security. This certification validates our robust controls and practices to ensure the confidentiality, integrity, and availability of customer data in cloud environments.
ISO 27018 (Privacy protection in the cloud)
Aqua Security is ISO/IEC 27018:2019 certified, demonstrating our compliance with international standards for protecting personal data in the cloud. This certification underscores our commitment to handling personal information with the highest standards of confidentiality, security, and privacy, ensuring trust and compliance for our customers.
SOC 2 Type II
Aqua Security undergoes a SOC 2 audit on an annual basis. The audit examines the company as a whole as well as Aqua Security's services and products. Each audit reviews and validates the adequacy of our controls as a service organization relevant to security, availability, processing integrity, confidentiality and privacy.
FedRAMP®
Aqua is in the process of achieving the exclusive High impact authorization, which includes more than 400 security controls and standards, to validate that the solution meets the security requirements necessary to protect the federal government's most sensitive unclassified data in cloud computing environments.

Compliance FAQs

What is ISO 27001?

The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 163 national standards bodies. ISO 27001 focuses on establishing, implementing, maintaining, and improving an information security management system (ISMS). It is the best-known compliance standard within the ISO/IEC 27000 family of standards, which covers the overall safety of information assets. By maintaining compliance with ISO 27001 controls, an organization of any size in any business sector can help protect digital information such as intellectual property, financial information, employee details, and more.

What does ISO 27001 certification mean?

In short, it means that Aqua Security has a strong information security management system in place. During the certification process our organization was assessed end-to-end, including but not limited to the processes related to: Information Security, IT, Human Resources, R&D, Q&A, DevOps & Site Resilience Engineering, Support, Administration and others. Achieving the ISO 27001 certification for Aqua Security was the result of methodical effort and the involvement of every Aqua team member around the globe. We are constantly challenging ourselves to improve our services and provide the highest security and user privacy standards to meet and exceed our customers' needs and expectations. It is also important to mention that, as a cloud-native company, our cloud providers and partners comply with the standard, which makes our services, products and solutions ISO 27001 certified end-to-end.

What does ISO 27017 certification mean?

ISO/IEC 27017 demonstrates Aqua Security’s adherence to the highest cloud security standards. This certification validates our robust cloud security practices, including risk management, data confidentiality, and operational integrity. It reflects our commitment to delivering secure, resilient solutions and continuously improving our security measures.

What does ISO 27018 certification mean?

ISO/IEC 27018 highlights Aqua Security’s commitment to protecting customer privacy and safeguarding personal data in the cloud. This certification verifies our stringent practices for ensuring the confidentiality and privacy of personally identifiable information (PII). It reinforces our dedication to upholding the highest data protection standards and maintaining customer trust.

What is SOC 2 Type II?

SOC 2 is defined by the American Institute of Certified Public Accountants (AICPA) and is intended for use by service organizations (organizations that provide information systems as a service to other organizations). "SOC 2" refers to the Trust Services Criteria; "Type II" refers to a report that describes a service organization's systems, assesses whether the design of specified controls meets the relevant trust principles, and addresses the operating effectiveness of the specified controls over a period of time. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to the security, availability, and processing integrity of the systems the service organization uses to process users' data, and the confidentiality and privacy of the information processed by these systems.

What is FedRAMP® In Process?

FedRAMP In Process status demonstrates to our community, current customers, and potential clients that we are nearing FedRAMP approval and actively undergoing a stringent government evaluation.