About Compliance reports
The Compliance reports area of the Fastly control panel provides downloadable audit evidence representing Fastly's compliance certifications. These reports are intended to support your organization's audit and governance review processes.
These compliance reports describe Fastly's own compliance posture. They do not certify that your organization's configuration or use of Fastly services meets any regulatory or compliance requirement.
NOTE: Compliance reports are confidential and are not to be distributed outside of your organization's internal audit, legal, and governance review processes.
Downloading a compliance report
All compliance reports are available in PDF format. To download a report, follow these steps.
- Log in to the Fastly control panel.
- Go to Account > Compliance reports.
- Locate the report you want to download. Use the search field to filter by name if needed.
- Click the download icon
to the right of the report. The report is downloaded and the download action appears in the Audit log noting the user and timestamp of the event.
Report categories
The Compliance reports area includes a table of reports across the following categories. Individual report titles may vary over time as reports are updated or reissued.
- GDPR. Reports related to Fastly's data protection practices under the General Data Protection Regulation (GDPR), the EU framework governing how personal data is processed, transferred, and protected.
- SOC 2. Reports from an independent auditor assessing Fastly's controls related to security, availability, processing integrity, confidentiality, and privacy. System and Organization Controls 2 (SOC 2) Type 1 reports describe controls as designed at a point in time. SOC 2 Type 2 reports describe how those controls operated over a defined period. Bridge letters cover periods between formal audits.
- PCI DSS. Reports related to Fastly's compliance with the Payment Card Industry Data Security Standard (PCI DSS), the security standard governing environments that store, process, or transmit payment card data.
- HIPAA. Reports related to Fastly's controls for protecting electronic protected health information (ePHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA), the US healthcare security and privacy requirements.
- ISO 27001. Reports related to Fastly's information security management system (ISMS) certification under the International Organization for Standardization's ISO 27001 standard.
Understanding report dates
Reports in the Compliance reports table typically include the following date fields:
| Field | Description |
|---|---|
| Report date | The date the report was issued |
| Start date | The beginning of the period the report covers |
| End date | The end of the period the report covers |
| Last updated | The date the report was most recently updated in the Fastly control panel |
