Compliance

ISO/IEC 27001:2013: Fastly is certified to the ISO/IEC 27001:2013 standard for its Information Security Management System (ISMS). You can view our certificate here.

SOC 2 Type 2: Fastly is audited against the Trust Service Criteria for Security and Availability as established by the AICPA.  

GDPR:  Fastly is audited against key articles of the General Data Protection Regulation, mapped to data protection and privacy controls for Fastly as a data processor. 

PCI DSS: Fastly is Payment Card Industry Data Security Standard (PCI DSS) compliant as a Level 1 Service Provider. For customers using Fastly’s Network services, Compute, or Observability products, our PCI-compliant caching product allows customers to configure their services in accordance with our PCI DSS Attestation of Compliance. For customers using the Fastly Next-Gen WAF, this product is included in our Level 1 Service Provider scope for Edge and Core deployments.

HIPAA:  Fastly is audited against relevant sections of the Security and Privacy Rules of the Healthcare Insurance Portability and Accessibility Act (HIPAA). Customers can configure their services using our HIPAA-compliant caching product to support their compliance with these requirements.

If you are a Fastly customer, you can request these audit reports via your customer success point of contact. Prospective customers may request these reports through our sales team under a non-disclosure agreement.