Edgio Information Security & Compliance

Our Mission

The mission of Edgio Compliance is to help customers understand the security controls in place to protect customer content and user data. Edgio Compliance provides assurance related to the underlying infrastructure, but your organization owns the compliance initiatives related to anything placed on the content delivery network (CDN) infrastructure. Information provided by Edgio Compliance helps you determine our compliance posture and assess your organization’s compliance obligations under your industry and/or government requirements.

PCI-DSS

Edgio is Payment Card Industry Data Security Standard (PCI-DSS) compliant on multiple platform sites, for both small file and large file delivery. Customers can improve the performance of their web applications that transmit credit card information by running them on our PCI-compliant infrastructure, whether on Adapt or the Edgio Core Platform.

SOC 2

AICPA: AT 801 (SSAE 18) SOC 2 Type II Report

To evaluate the effectiveness of security controls in place, Edgio is audited regularly by an accredited third party and can provide a Service Organization Controls 2 (SOC 2) Type II report on request. The SOC 2 report is an evaluation of controls based on the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. The Edgio SOC 2 defines leading practice controls relevant to security, availability, processing integrity, confidentiality, and privacy applicable to service organizations such as Edgio. This report provides additional transparency into Edgio’s security and availability based on a defined industry standard and further demonstrates our commitment to protecting customer data.

ISO-IEC

ISO/IEC 27001:2013

Edgio is ISO 27001 certified under the International Organization for Standardization (ISO) 27001 standard. ISO 27001 is a widely adopted global security standard that outlines the requirements for information security management systems. It provides a systematic approach to managing company and customer information that’s based on periodic risk assessments. To achieve the certification, a company must show it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity and availability of company and customer information.

CSA

Cloud Security Alliance (CSA) STAR Certification: LEVEL TWO

In 2011, the Cloud Security Alliance (CSA) launched STAR, an initiative to encourage transparency of security practices within cloud providers. The CSA STAR Certification is a rigorous third-party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001:2005 management system standard together with the CSA Cloud Controls Matrix. 

MPA

Motion Picture Association (MPA) Best Practices

The Motion Picture Association (MPA) has established a set of best practices for securely storing, processing, and delivering protected media and content. Media companies use these best practices as a way to assess risk and security of their content and infrastructure. Edgio has demonstrated alignment with the MPA Best Practices, and Edgio infrastructure is compliant with all applicable MPA infrastructure controls.

Related Documents

2022 ESG Report