Compliance at the Edge: Fastly delivers SOC 2 Type 2 for entire platform

Oct 16, 2018

At Fastly, we recognize that our edge cloud platform is an extension of your critical infrastructure and data flows. That means you may rightfully have questions about how we protect the data you share with us and how we can support your own security and compliance obligations. We view meeting those needs as part of our core values of transparency and trustworthiness.

Fastly’s Security and Engineering teams, as well as other departments across the company, continually iterate on our security program to better meet growing customer needs, updated regulatory requirements, and the evolving security threat landscape. To help validate the controls that safeguard our platform and the data moving through it, we have gradually added to our portfolio of security and compliance-related assessments and certifications. We started back in 2014 with our Level 1 Service Provider Attestation of Compliance for the Payment Card Industry Data Security Standard (PCI DSS), and over time, we’ve added our Privacy Shield certification and, more recently, an independent third-party assessment of our controls against the General Data Protection Regulation (GDPR).

Today, we are happy to announce that Fastly has completed a Service Organization Control 2 (SOC 2) Type 2 examination for the management and monitoring of our edge cloud platform. As part of a SOC 2 examination, an independent third party validates a service provider’s systems and processes against an established set of security-related criteria. Providing SOC 2 attestation reports to customers has become a ubiquitous, industry-standard way for cloud providers to substantiate how they protect and manage their services and the data that flows through them.

SOC 2 examinations and attestation reports come in two flavors. A Type 1 examination validates the design of controls at a point in time. Type 2 examinations confirm both the design and operation of those controls over a defined review period. Last year, we completed a Type 1 examination and have been quietly working toward obtaining our first Type 2 report in 2018.

Our SOC 2 examination covers the Security and Availability principles within the Trust Services Criteria and applies to our entire public platform, giving you assurance that we safeguard your content consistently, no matter where it goes in our network. This approach aligns with our philosophy of having a single, configurable platform that can accommodate content delivery use cases across a spectrum of compliance needs.

We hope the addition of SOC 2 reports to our compliance portfolio enhances your confidence in Fastly and our commitment to trustworthy handling of your services and content.

Author

Brandon Hsieh | Director of Technology Compliance

As Director of Technology Compliance at Fastly, Brandon helps align technology and data management processes with audit requirements, customer expectations, and DevOps conventions. He has previously worked at companies like Ernst & Young and American Express, holding positions ranging from external auditor to internal advisor at various points in his career. Brandon holds a BS in Management Information Systems from Brigham Young University.