No matter where your data is or where you want to store it, Metallic has a solution.
Security and Compliance
Metallic is committed to ensuring the security of your data at every level. Metallic is built on Microsoft Azure, the cloud platform leading the industry in compliance with over 90 certifications.
A-lign, an independent, third-party auditor, found Metallic to have technical controls in place and formalized IT Security policies and procedures. A-lign is an ISO / IEC 27001 certification body accredited by the ANSI-ASQ National Accreditation Board (ANAB) to perform ISMS 27001 certifications.
Criminal Justice Information Services (CJIS) dictates data security standards for organization and professionals working with, handling, or storing criminal justice, and law enforcement-centric data (includes local, state, and federal levels).
Metallic Government Cloud solutions have achieved FedRAMP High Ready status. For more information, go to Metallic Government Cloud on the Metallic site.
FIPS 140-2 Compliant
Federal Information Processing Standard (FIPS) 140-2 is an information technology security accreditation program validating the cryptographic modules for encryption and document processing and is commonly required by government agencies, contractors working with government agencies, and private businesses handling sensitive data.
Metallic supports our customers’ compliance with the General Data Protection Regulation (GDPR). For information about Metallic and GDPR compliance, see Metallic and GDPR Readiness.
Health Insurance Portability and Accountability Act (HIPAA) regulates the use and disclosure of protected health information, preventing unauthorized use or theft of sensitive patient data.
Commvault Systems, Inc. is an ISO.IEC 27001:2013 certified provider whose Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization. The scope of our ISO/IEC 27001:2013 certification includes the Commvault offering Metallic.
Payment Card Industry Data Security Standard (PCI DSS) provides standards and criteria to ensure that all companies who accept, process, store, or transmit credit card information adhere to and maintain specific security standards within their environment.
SOC 2: Type II Certified
SOC 2: Type II assesses a cloud service providers ability to create and follow strict information security policies covering the principles of Availability, Processing Integrity, Confidentiality, Privacy and Overall Security.
Metallic SaaS Backup offers integrated encryption of data in flight and data at rest. Whether data is stored on user devices, in SaaS applications, or across on-premises and cloud environments, Metallic provides comprehensive coverage to safeguard your data from today’s data loss threats.
Metallic uses the Azure Blob Storage for the cloud library that gets created in the backend. The Azure Blob Storage uses 256-bit AES encryption standard to encrypt the data in the cloud. The 256-bit AES encryption is one of the strongest block ciphers available and is FIPS 140-2 compliant. Azure Storage encryption is similar to BitLocker encryption on Windows. For more information, see Azure Storage encryption for data at rest.