Security and Compliance

Commvault Cloud is committed to ensuring the security of your data at every level. Commvault Cloud is built on Microsoft Azure, the cloud platform leading the industry in compliance with over 90 certifications.


A-lign, an independent, third-party auditor, found Commvault Cloud to have technical controls in place and formalized IT Security policies and procedures. A-lign is an ISO / IEC 27001 certification body accredited by the ANSI-ASQ National Accreditation Board (ANAB) to perform ISMS 27001 certifications.


CJIS Compliant

Criminal Justice Information Services (CJIS) dictates data security standards for organization and professionals working with, handling, or storing criminal justice, and law enforcement-centric data (includes local, state, and federal levels).

Security and Compliance (2)


Commvault Cloud Government Cloud solutions have achieved FedRAMP High Ready status. For more information, go to Commvault Cloud Government Cloud on the Commvault Cloud site.

FedRAMP logo


Commvault Cloud supports our customers’ compliance with the General Data Protection Regulation (GDPR). For information about Commvault Cloud and GDPR compliance, see Commvault Cloud and GDPR Readiness.

HIPAA Compliant

Health Insurance Portability and Accountability Act (HIPAA) regulates the use and disclosure of protected health information, preventing unauthorized use or theft of sensitive patient data.

Security and Compliance (5)


Infosec Registered Assessor Program (IRAP) is a security assessment framework for systems, services, and applications working with Australian government agencies and organizations.



Commvault Systems, Inc. is an ISO.IEC 27001:2013 certified provider whose Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization. The scope of our ISO/IEC 27001:2013 certification includes the Commvault offering Commvault Cloud.


PCI Certified

Payment Card Industry Data Security Standard (PCI DSS) provides standards and criteria to ensure that all companies who accept, process, store, or transmit credit card information adhere to and maintain specific security standards within their environment.

Security and Compliance (4)

SOC 2: Type II Certified

SOC 2: Type II assesses a cloud service providers ability to create and follow strict information security policies covering the principles of Availability, Processing Integrity, Confidentiality, Privacy and Overall Security.

Security and Compliance (1)

Data Encryption

Commvault Cloud SaaS Backup offers integrated encryption of data in flight and data at rest. Whether data is stored on user devices, in SaaS applications, or across on-premises and cloud environments, Commvault Cloud provides comprehensive coverage to safeguard your data from today’s data loss threats.

Commvault Cloud uses the Azure Blob Storage for the cloud library that gets created in the backend. The Azure Blob Storage uses 256-bit AES encryption standard to encrypt the data in the cloud. The 256-bit AES encryption is one of the strongest block ciphers available and is FIPS 140-2 compliant. Azure Storage encryption is similar to BitLocker encryption on Windows. For more information, see Azure Storage encryption for data at rest.