Compliance

Fastly believes in providing the right security for its customers and regularly measuring our security program. We maintain audits and supporting documentation for the following regulatory and audit standards.

ISO/IEC 27001:2013: Fastly is certified to the ISO/IEC 27001:2013 standard for its Information Security Management System (ISMS). You can view our certificate here.

SOC 2 Type 2: Fastly is audited against the Trust Service Criteria for Security and Availability as established by the AICPA.  

GDPR:  Fastly is audited against key articles of the General Data Protection Regulation, mapped to data protection and privacy controls for Fastly as a data processor. 

PCI DSS: Fastly is Payment Card Industry Data Security Standard (PCI DSS) compliant as a Level 1 Service Provider. For customers using Fastly’s Network services, Compute, or Observability products, our PCI-compliant caching product allows customers to configure their services in accordance with our PCI DSS Attestation of Compliance. For customers using the Fastly Next-Gen WAF, this product is included in our Level 1 Service Provider scope for Edge and Core deployments.

HIPAA:  Fastly is audited against relevant sections of the Security and Privacy Rules of the Healthcare Insurance Portability and Accessibility Act (HIPAA). Customers can configure their services using our HIPAA-compliant caching product to support their compliance with these requirements.

If you are a Fastly customer, you can request these audit reports via your customer success point of contact. Prospective customers may request these reports through our sales team under a non-disclosure agreement.

Ready to get started?

Get in touch or create an account.