Acquia Trust Center

Start your security review
View & download sensitive information
Ask for information

Overview

Trust Alliance Logo

Welcome to Acquia's Security Portal; notice we have three portals via the dropdown above. Please select the portal you are interested in.

Our commitment to data privacy and security is embedded in every part of our business. Use this portal to learn about our security posture and request access to our security documentation.

This portal is for our Acquia Cloud Platform and supporting products like Search, Email, Code Studio, Edge and Site Studio offerings.

Compliance

CCPA Logo
CCPA
CPRA Logo
CPRA
CSA STAR Logo
CSA STAR
EU-US DPF Logo
EU-US DPF
FedRAMP Moderate Logo
FedRAMP Moderate
FERPA Logo
FERPA
GDPR Logo
GDPR
HIPAA Logo
HIPAA
ISO 27001 Logo
ISO 27001
ISO 27001 SoA Logo
ISO 27001 SoA
LGPD Logo
LGPD
PCI DSS Logo
PCI DSS
PIPEDA Logo
PIPEDA
Privacy Shield Logo
Privacy Shield
SOC 1 Logo
SOC 1
SOC 2 Logo
SOC 2
TX-RAMP Logo
TX-RAMP
VCDPA Logo
VCDPA
Start your security review
View & download sensitive information
Ask for information

Acquia is reviewed and trusted by

Johnson & JohnsonJohnson & Johnson
Internal Revenue ServiceInternal Revenue Service
BayerBayer
Conagra BrandsConagra Brands
Blue Cross Blue Shield AssociationBlue Cross Blue Shield Association
NovartisNovartis
Shake ShackShake Shack
PegasystemsPegasystems
NovavaxNovavax
City of Los AngelesCity of Los Angeles
Fannie MaeFannie Mae
Charles SchwabCharles Schwab

Documents

CSA STAR
ISO 27001
SOC 1
SOC 2
CAIQ
HECVAT Full
SIG Core
Financials
Other Documents
Pentest Report
Security Whitepaper
FedRAMP Moderate
ISO 27001 SoA
PCI DSS
Cyber Insurance
W9
BC/DR
General Incident Response Policy
Information Security Policy

Risk Profile

Data Access LevelInternal
Impact LevelSevere
Recovery Time Objective1 hour
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

Financials
HIPAA Report
Network Diagram
View more

Self-Assessments

CAIQ
HECVAT Full
SIG Core

Data Security

Access Monitoring
Backups Enabled
Data Erasure
View more

App Security

Responsible Disclosure
Code Analysis
Credential Management
View more

Legal

Subprocessors
Cyber Insurance
Data Processing Agreement
View more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
View more

Access Control

Data Access
Logging
Password Security

Infrastructure

Status Monitoring
Amazon Web Services
Anti-DDoS
View more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Threat Detection

Network Security

DNSSEC
Firewall
IDS/IPS
View more

Corporate Security

Email Protection
Employee Training
HR Security
View more

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
View more

Security Grades

SecurityScorecard
Acquia
Security Scorecard A grade
ImmuniWeb
acquia.com
A
Qualys SSL Labs
acquia.com
A
View more

Trust Center Updates

CVE-2023-44487 -- HTTP/2 Rapid Reset

VulnerabilitiesCopy link

Acquia is aware of the ongoing Rapid Reset vulnerability and is monitoring for upcoming patches and threats facing our systems. For Acquia Cloud hosted sites, Acquia continues to maintain that a WAF is the best protection against DDoS threats including Rapid Reset. Acquia Cloud Edge is one such option but many others can be used. Security Operations will continue to monitor all products in our portfolio for available patches and update our systems accordingly.

Published at N/A

2023 Acquia Cloud Next (ACN) Compliance Journey

ComplianceCopy link

The Acquia Cloud Next PCI DSS Attestation of Compliance is now available for review. For clients who procure the Acquia Cloud PCI Compliant Hosting, find the new AOC available for the next generation hosting. Your environment will be scheduled to move to at a time and date to be determined. Reach out to your account team with any questions.

Published at N/A

The Acquia Cloud Next SOC2T1 assessment report is now available for review. The next SOC2 assessment for Acquia Cloud Next will be a Type 2 assessment and is scheduled to be included in the larger Acquia SOC2T2 report in Q4 of 2023 to cover the period January through December of 2023.

Published at N/A

Acquia Cloud Next is actively following the compliance roadmap and the first compliance assessment report has been published on our security portal. For clients exploring/planning or having already migrated to our Acquia Cloud Next platform this ISO27001 Assessment Report is for you. The SOC2T1 assessment has concluded and is actively undergoing partner review by our third party auditor and is due to be issued shortly. Look for a follow on update when that is available.

Published at N/A

2023 PCI DSS 3.2.1 Release

ComplianceCopy link

The 2023 PCI DSS 3.2.1 AOC for Acquia Cloud Classic is now available for clients procuring our Acquia Cloud PCI Compliant hosting.

Published at N/A

2022 SOC2 Type 2 Release

ComplianceCopy link

The 2022 SOC2 Type 2 report for the period January 1, 2022 through December 31, 2022 has been published on the trust center. This report scope includes the products in Marketing Cloud (Campaign Studio/Campaign Factory, Personalization, Customer Data Platform) and Drupal Cloud Classic (ACE Classic, Site Factory, Email, Search, Pipelines, Site Studio, Content Hub, Cloud IDE).

The Acquia Cloud Next SOC2 Type 1 audit is actively underway.

Published at N/A

2022 SOC1 Type 2 Release

ComplianceCopy link

The 2022 SOC1 Type 2 report for the period January 1, 2022 through December 31, 2022 has been published on the trust center. This report scope includes the products in Marketing Cloud (Campaign Studio/Campaign Factory, Personalization, Customer Data Platform) and Drupal Cloud Classic (ACE Classic, Site Factory, Email, Search, Pipelines, Site Studio, Content Hub, Cloud IDE).

The 2022 SOC2 Type 2 report is going through the final stages of third party quality review.

The Acquia Cloud Next SOC2 Type 1 audit is pending.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Report Issue
Powered bySafeBase Logo