Metallic Documentation

Updated

No matter where your data is or where you want to store it, Metallic has a solution.

Security and Compliance

Metallic is committed to ensuring the security of your data at every level. Metallic is built on Microsoft Azure, the cloud platform leading the industry in compliance with over 90 certifications.

A-lign

A-lign, an independent, third-party auditor, found Metallic to have technical controls in place and formalized IT Security policies and procedures. A-lign is an ISO / IEC 27001 certification body accredited by the ANSI-ASQ National Accreditation Board (ANAB) to perform ISMS 27001 certifications.

CJIS Compliant

Criminal Justice Information Services (CJIS) dictates data security standards for organization and professionals working with, handling, or storing criminal justice, and law enforcement-centric data (includes local, state, and federal levels).

FedRAMP

Metallic Government Cloud solutions have achieved FedRAMP High Ready status. For more information, go to Metallic Government Cloud on the Metallic site.

FIPS 140-2 Compliant

Federal Information Processing Standard (FIPS) 140-2 is an information technology security accreditation program validating the cryptographic modules for encryption and document processing and is commonly required by government agencies, contractors working with government agencies, and private businesses handling sensitive data.

GDPR

Metallic supports our customers’ compliance with the General Data Protection Regulation (GDPR). For information about Metallic and GDPR compliance, see Metallic and GDPR Readiness.

ISO

Commvault Systems, Inc. is an ISO.IEC 27001:2013 certified provider whose Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization. The scope of our ISO/IEC 27001:2013 certification includes the Commvault offering Metallic.

PCI Certified

Payment Card Industry Data Security Standard (PCI DSS) provides standards and criteria to ensure that all companies who accept, process, store, or transmit credit card information adhere to and maintain specific security standards within their environment.

SOC 2: Type II Certified

SOC 2: Type II assesses a cloud service providers ability to create and follow strict information security policies covering the principles of Availability, Processing Integrity, Confidentiality, Privacy and Overall Security.

Data Encryption

Metallic SaaS Backup offers integrated encryption of data in flight and data at rest. Whether data is stored on user devices, in SaaS applications, or across on-premises and cloud environments, Metallic provides comprehensive coverage to safeguard your data from today’s data loss threats.

Metallic uses the Azure Blob Storage for the cloud library that gets created in the backend. The Azure Blob Storage uses 256-bit AES encryption standard to encrypt the data in the cloud. The 256-bit AES encryption is one of the strongest block ciphers available and is FIPS 140-2 compliant. Azure Storage encryption is similar to BitLocker encryption on Windows. For more information, see Azure Storage encryption for data at rest.