Welcome to Acquia's Security Portal; notice we have three portals via the dropdown above. Please select the portal you are interested in.
Our commitment to data privacy and security is embedded in every part of our business. Use this portal to learn about our security posture and request access to our security documentation.
This portal is for our Acquia Cloud Platform and supporting products like Search, Email, Code Studio, Edge and Site Studio offerings.
Compliance











Documents
Risk Profile
Product Security
Reports
Self-Assessments
Data Security
App Security
Legal
Data Privacy
Access Control
Infrastructure
Endpoint Security
Network Security
Corporate Security
Policies
Security Grades

Trust Center Updates
Acquia is aware of the ongoing Rapid Reset vulnerability and is monitoring for upcoming patches and threats facing our systems. For Acquia Cloud hosted sites, Acquia continues to maintain that a WAF is the best protection against DDoS threats including Rapid Reset. Acquia Cloud Edge is one such option but many others can be used. Security Operations will continue to monitor all products in our portfolio for available patches and update our systems accordingly.
The Acquia Cloud Next PCI DSS Attestation of Compliance is now available for review. For clients who procure the Acquia Cloud PCI Compliant Hosting, find the new AOC available for the next generation hosting. Your environment will be scheduled to move to at a time and date to be determined. Reach out to your account team with any questions.
The Acquia Cloud Next SOC2T1 assessment report is now available for review. The next SOC2 assessment for Acquia Cloud Next will be a Type 2 assessment and is scheduled to be included in the larger Acquia SOC2T2 report in Q4 of 2023 to cover the period January through December of 2023.
Acquia Cloud Next is actively following the compliance roadmap and the first compliance assessment report has been published on our security portal. For clients exploring/planning or having already migrated to our Acquia Cloud Next platform this ISO27001 Assessment Report is for you. The SOC2T1 assessment has concluded and is actively undergoing partner review by our third party auditor and is due to be issued shortly. Look for a follow on update when that is available.
The 2023 PCI DSS 3.2.1 AOC for Acquia Cloud Classic is now available for clients procuring our Acquia Cloud PCI Compliant hosting.
The 2022 SOC2 Type 2 report for the period January 1, 2022 through December 31, 2022 has been published on the trust center. This report scope includes the products in Marketing Cloud (Campaign Studio/Campaign Factory, Personalization, Customer Data Platform) and Drupal Cloud Classic (ACE Classic, Site Factory, Email, Search, Pipelines, Site Studio, Content Hub, Cloud IDE).
The Acquia Cloud Next SOC2 Type 1 audit is actively underway.
The 2022 SOC1 Type 2 report for the period January 1, 2022 through December 31, 2022 has been published on the trust center. This report scope includes the products in Marketing Cloud (Campaign Studio/Campaign Factory, Personalization, Customer Data Platform) and Drupal Cloud Classic (ACE Classic, Site Factory, Email, Search, Pipelines, Site Studio, Content Hub, Cloud IDE).
The 2022 SOC2 Type 2 report is going through the final stages of third party quality review.
The Acquia Cloud Next SOC2 Type 1 audit is pending.
If you think you may have discovered a vulnerability, please send us a note.