Fastly believes in providing the right security for our customers and regularly measuring our security program. We maintain audits and supporting documentation for the following regulatory and audit standards.
ISO/IEC 27001:2013: Fastly is certified to the ISO/IEC 27001:2013 standard for its Information Security Management System (ISMS). You can view our report here.
SOC 2 Type 2: Fastly is audited against the Trust Service Criteria for Security and Availability as established by the AICPA.
GDPR: Fastly is audited against key articles of the General Data Protection Regulation, mapped to data protection and privacy controls for Fastly as a data processor.
PCI DSS: Fastly is Payment Card Industry Data Security Standard (PCI DSS) compliant as a Level 1 Service Provider. For customers using Fastly’s Network services, Compute, or Observability products, our PCI-compliant caching product allows customers to configure their services in accordance with our PCI DSS Attestation of Compliance. For customers using the Fastly Next-Gen WAF, this product is included in our Level 1 Service Provider scope for Edge and Core deployments.
HIPAA: Fastly is audited against relevant sections of the Security and Privacy Rules of the Health Insurance Portability and Accountability Act (HIPAA). Customers can configure their services using our HIPAA-compliant caching product to support their compliance with these requirements.
If you are a Fastly customer, you can request these audit reports via your customer success point of contact. Prospective customers may request these reports through our sales team under a non-disclosure agreement.