Acquia Strengthens Security Stance with ISO 27001 InfoSec Management Certification [Jan. 12, 2016]

Independent Audit Recognizes Global Digital Experience Provider’s Commitment to Security

BOSTON – January 12, 2016 – Acquia, the digital experience company, today announced that it has been awarded the ISO 27001 information security management certification for Acquia's cloud services and global operations, reaffirming the company’s comprehensive security practices for digital experience delivery. ISO 27001 is recognized as the international security and compliance standard for enterprise cloud frameworks, and this certification reaffirms Acquia’s commitment to adhering to the strict and specific compliance requirements of its global customers.

In the digital age, the security threat landscape is constantly evolving. Acquia offers its customers a secure, robust platform by design and complementary security products and services, as well as a portfolio of third party compliance audits. Acquia invests heavily in its security program; certifications like ISO 27001 independently validate that Acquia’s security practices meet globally accepted standards for protecting information in the cloud.

“We have built security best practices and controls across every layer of our infrastructure, and our continued review and affirmation through HIPAA, SOC 1, SOC 2, PCI-DSS audits and now ISO 27001 attest to our ongoing commitment to provide enterprise-grade security for our open cloud platform,” said Alan Nugent, CISO and SVP of security, risk and compliance at Acquia.

ISO/IEC 27001:2013 (ISO 27001) is a globally recognized security standard driven by the implementation of an information security management system (ISMS). Specifically, the system is a security framework of policies, procedures and controls that includes administrative, physical and technical safeguards to manage information security risks to internal and customer information.

Acquia offers leading capabilities for building and delivering digital experiences. Acquia provides comprehensive security features for digital experience delivery including, granular access control, two-factor authentication, vulnerability scanning, intrusion detection, security event monitoring, and much more. See a security feature comparison checklist on Acquia.com.

Acquia will conduct annual surveillance reviews and undergo recertification every three years to verify its ongoing compliance and maintain the security standards set by ISO 27001.

“Obtaining ISO 27001 certification is a tremendous achievement,” said Ryan Mackie, senior manager and practice director, ISO certification at BrightLine CPAs and Associates, Inc. “It demonstrates an organization’s proven commitment to information security by means of an ISMS that can identify, address, and mitigate its information security risk while focusing on opportunities for continual improvement. We congratulate Acquia for this accomplishment and applaud them for incorporating this internationally recognized and accepted standard within their compliance foundation.”

The certification was awarded by the International Standard Organisation (ISO) and International Electrotechnical Commission (IEC). The audit evaluated the information security program maintained by Acquia for Acquia Cloud Enterprise and Acquia Cloud Site Factory and was conducted by BrightLine CPAs and Associates, Inc. of Tampa, Fla.

About Acquia
Acquia is the digital experience company. Intuit, Warner Music Group and Stanford University are among the more than 4,000 organizations that are transforming their digital businesses with Acquia’s open cloud platform. Global 2000 enterprises, government agencies and NGOs rely on Acquia to create new revenue streams, lower costs, and engage audiences more deeply through content, community, commerce and context.

For more information visit www.acquia.com or call +1 781 238 8600.

# # #

All logos, company and product names are trademarks or registered trademarks of their respective owners.