Meet Industry Compliance Standards

Acquia Cloud Platform meets compliance standards across a range of industries.

blue acquia droplets cropping an image of a person looking through paper work
Fedramp Logo
FedRAMP Authorized

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services.

More on FedRAMP


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without patient consent or knowledge.

More on HIPAA

SOC 1 Logo

Reports on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting (ICFR), prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, are specifically intended to meet the needs of entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors), in evaluating the effect of the controls at the service organization on the user entities’ financial statements.

More on SOC 1

SOC 2 Logo

SOC 2 reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.

More on SOC 2

ISO 27001 Logo
ISO 27001

The ISO/IEC 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining, and continually improving an information security management system.

More on ISO 27001


The General Data Protection Regulation is an EU law on data protection and privacy in the EU and the European Economic Area.

More on GDPR

cybersecurity and infrastructure agency Logo

FISMA 2014 codifies the Department of Homeland Security’s role in administering the implementation of information security policies for federal Executive Branch civilian agencies, overseeing agencies’ compliance with those policies, and assisting OMB in developing those policies.

More on FISMA

CSA Star Logo

The CSA STAR Certification is a rigorous third-party, independent assessment of the security of a cloud service provider.

More on CSA STAR