Metallic® SaaS Security & Compliance Overview

Built on industry-leading Commvault® technology with the power of Microsoft Azure

Metallic offers a multi-layered approach to data protection and security. With built-in hardened security protocols such as multifactor authentication, advanced data encryption, and zero-trust user access controls, Metallic prevents unwarranted access to systems and data. Backup data copies are also stored in isolated and virtually air-gapped locations outside of source data, ensuring backups are immutable, highly available, and safe from malicious attack.

Metallic meets the most stringent confidentiality, integrity, and availability standards set by government agencies and enterprises alike, along with critical compliance certifications.


Special Notice: Log4j Advisory

With the recent discovery of the Log4j vulnerabilities disclosed in CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105, the Metallic team has performed an extensive security assessment and threat analysis.

We have found that the Log4j vulnerability has no impact on Metallic or the security and privacy of your data backups. Metallic does not use the impacted libraries as per the advisories.

We will continue to proactively monitor and provide any further updates, while customers with questions can reach out to Metallic.io/support.

Updated December 23, 2021

Industry Standards and Certifications

ISO Certified

Metallic is ISO 27001 and SOC2 Type II compliant.

AICPA SOC

Type II Certified

CJIS

(Criminal Justice Information Systems) Security Policy Compliant

FIPS

FIPS 140-2 Compliant

FedRAMP

High Ready

PCI Certified


HIPAA

Health Insurance Portability and Accountability Act (HIPAA) Compliant

Metallic and GDPR Compliance

Metallic is committed to supporting our customers' compliance with GDPR, and prioritizes the privacy and security of the data we protect with our entire product suite. When Metallic provides services to our customers as a data processor on their behalf, we will ensure that we comply with the specific requirements for data processors. When we appoint third parties to act as sub-processors, we’ll also ensure that we have appropriate terms in place to comply with the GDPR and safeguard customers' data.

Metallic Security Whitepaper

The Metallic Security Whitepaper provides additional information on the Metallic architecture, features and functionality, and sophisticated approach to security and compliance.

Power of Azure Security

Built as a cloud-native solution leveraging the best of Azure PaaS and native services, Metallic harnesses the durability and security of the Microsoft Cloud. Azure is backed by more than 3,500 cyber security experts, with more than 90 compliance certifications. The combination of Metallic and Azure means trusted data protection at any scale. Find Azure security documentation here.