Acronis
Company Policy

Full-cycle security

Since 2003, Acronis has been an innovator in ensuring the security and privacy of the data it protects. Acronis maintains a comprehensive information security and compliance program that includes administrative, physical, and technical controls based on ongoing risk assessments. Acronis information security policies and processes are based on broadly accepted international security standards such as ISO 27001 or the National Institute of Standards and Technology (NIST), and take into account the requirements of related local regulation frameworks such as European Union’s General Data Protection Regulation (GDPR) and the United States’ Health Insurance Portability and Accountability Act (HIPAA).

Encryption for security

With end-to-end encryption at every stage – at rest, in transit, or in cloud storage – Acronis products ensure your data is always safe, secure, and private. Data is encrypted using the enterprise-grade AES-256 algorithm for Acronis at-rest storage and protected by a user-defined password, so only you have access. Even the metadata communications between your system and the Acronis Cloud are encrypted for total security.
Encryption for security

Secure code: transparent development with security in mind

Protecting customer data from modern threats means our products must be developed with security in mind. Acronis achieves this objective by:

  •  Applying Secure Software Development Life Cycle (S-SDLC) which focuses on incorporating security into the development cycle, and

  •   Developing and continuously maintaining a corporate culture dedicated to security.

Acronis recognizes the existence of credible information security threats. In addition, all our developers regularly train on the latest security development practices, which are implemented across our R&D organization.

Secure code: transparent development with security in mind

Bug bounty program

Have you found a security issue?

Please report it to us and we will take care that you are fairly awarded for your discovery!

Report

As leaders in cyber protection, we develop our products with a focus on security, ensuring efficient data protection. Our dedicated Application Security, Infrastructure, SOC, and Compliance teams work tirelessly to ensure vulnerability-free products that customers can rely on for protection against modern cyberthreats.

To support these efforts, Acronis has been running a bug bounty program on HackerOne since 2018. We work closely with the security community and embrace researchers who contribute toward the optimization of our products. If you believe you have found a security issue, please report it to us and we will take care that you are fairly awarded for your discovery!

As a partner of the CVE® Program, Acronis is a CVE Numbering Authority (CNA) responsible for publishing disclosed cybersecurity vulnerabilities as CVE Records for all Acronis products. For information on security advisories and updates, see Acronis Security Advisory Database.

Secure data centers

Acronis operates a global network of cloud data centers that are built to provide the highest levels of safety, security, and accessibility.
Secure data centers
  • High data availability
    High data availability
    Ensuring that your organization’s mission-critical data has one of the highest levels of availability, leveraging data centers that provide redundant HVAC, network and UPS systems. Acronis follows the approach of Need plus Two (N+2) for greater redundancy. If there is a failure in a hardware-layer component, it will not affect Acronis’ critical infrastructure or Acronis customers. Acronis stores customer data employing its own software-defined storage solution, Acronis Cyber Infrastructure with Acronis CloudRAID technology.
  • Guarded physical locations
    Guarded physical locations
    Data centers are physically defended 24/7 by security personnel, high fences, and video surveillance, while on-site entry requires biometric and key card access. Strict access control measures ensure that only authorized personnel have access to the data center.
  • Reliable facility management
    Reliable facility management
    Equipped with UPS and backup diesel-generators, Acronis data centers can provide a continuous supply of electricity through undefined power outages of up to 48 hours. HVAC, fire detection and suppression systems, alarms, and monitoring by surveillance cameras (CCTV) allow Acronis to provide a reliable infrastructure.
  • Location choice for your data
    Location choice for your data
    The global nature of our data center network means your data can be stored where you want, ensuring your regulatory compliance and connectivity requirements are met.
*Exact list of certifications and standards may vary for specific data center, please request additional information from your account manager.
About data centers

Commitment to compliance

To ensure that customers can trust our commitment to secure, private, professional product development, Acronis is ISO/IEC 27001:2013 and HDS:2018 certified, and Acronis is committed to complying with applicable privacy laws including GDPR and HIPAA where applicable, confirmed by independent, third-party audits.

Data protection regulations
Global privacy developments pose a significant compliance burden on businesses, especially for those operating worldwide. Acronis is committed to complying with local data protection regulations, including the GDPR, the California Consumer Privacy Act (CCPA) or the Brazilian General Personal Data Protection Law (LGPD) to name a few. Acronis products and services are developed with privacy in mind. Our internal processes and procedures are set up in line with the strictest data protection guidelines, allowing customers to benefit from using a compliant and reliable provider.
Data protection regulations
ISO/IEC 27001:2013
Acronis implements Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2013 framework for information security, which has become an industry gold standard. Acronis has been certified by the independent third-party auditors of the British Standards Institution (BSI). Acronis is dedicated to continually improving its security posture by enhancing and maturing our ISMS based on latest best practices. Acronis ISO27001 certificate is available here.
ISO/IEC 27001:2013
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the subsequent Health Information Technology for Economic and Clinical (HITECH) Act of 2009 are US regulations aimed at protecting the privacy and security of medical information. The HIPAA rules requirements have emerged into greater prominence in recent times with the proliferation of health data breaches caused by cyberattacks and ransomware attacks on health insurers and providers. There is no official, legally recognized HIPAA compliance certification process or accreditation. HIPAA compliance resides on an ongoing commitment, which includes the implementation of different administrative, technical, and physical safeguards. Acronis supports multiple services (or products). Therefore, individual Acronis service functions and HIPAA compliance status can vary depending on the service and data center used. Please speak with your account manager to clarify the compliance status of particular services and data centers.
HIPAA
HDS
Introduced by the French governmental agency for health, “L’Agence du Numérique en Santé” (ASIP Santé), the HDS certification aims to strengthen the security and protection of personal health data. Acronis has achieved certification for HDS data hosting in Strasbourg. Compliance with HDS requirements demonstrates that we provide a framework for technical and governance measures to secure and protect personal health data, as governed by the French law. The HDS certification from an independent third-party auditor validated that Acronis ensures data confidentiality, integrity, and availability to its customers and partners. Acronis HDS certificate is available here.
HDS
Securing the industry

  • Cloud Security Alliance member

    Cloud Security Alliance (CSA) Security Trust, Assurance and Risk (STAR) is the industry’s most powerful program for security assurance in the cloud. STAR encompasses key principles of transparency, rigorous auditing, and harmonization of standards. The STAR program provides multiple benefits, including indications of best practices and validation of security posture of cloud offerings. As Acronis focuses on cloud workloads and their protection, membership in Cloud Security Alliance is natural. We completed an assessment for CSA’s STAR Level 1 certification, giving more confidence to our prospects, partners, and customers.

  • Member of Microsoft Virus Initiative

    Acronis Cyber Protect is certified as an official anti-malware solution for Windows that can replace Windows Defender. This is achieved via participation in Microsoft Virus Initiative, through which members prove they are able to provide top-level security for Windows.

  • Member of Anti Phishing Working Group

    With phishing now one of the main threats to businesses and individuals – and Acronis products protecting against it – we are proud to contribute to the industry by being a member of the Anti Phishing Working Group.

  • Proud member of AMTSO

    As part of the Anti-Malware Testing Standards Organization (AMTSO), Acronis is helping to develop proper standards for testing security solutions, and we participate in tests that adhere to AMTSO’s standards.

  • Member of The Messaging, Malware and Mobile Anti-Abuse Working Group

    In this international information technology industry forum, Acronis contributes and discusses how to reduce the threat from bots, malware, spam, viruses, DoS attacks, and other online exploitations with other industry players.

  • ML contributor to VirusTotal

    Membership in AMTSO allowed Acronis to contribute our Machine Learning engine to VirusTotal, enabling all users around the world to benefit from our technology’s ability to detect various online data threats.

  • Cloud Security Alliance member

    Cloud Security Alliance (CSA) Security Trust, Assurance and Risk (STAR) is the industry’s most powerful program for security assurance in the cloud. STAR encompasses key principles of transparency, rigorous auditing, and harmonization of standards. The STAR program provides multiple benefits, including indications of best practices and validation of security posture of cloud offerings. As Acronis focuses on cloud workloads and their protection, membership in Cloud Security Alliance is natural. We completed an assessment for CSA’s STAR Level 1 certification, giving more confidence to our prospects, partners, and customers.

  • Member of Microsoft Virus Initiative

    Acronis Cyber Protect is certified as an official anti-malware solution for Windows that can replace Windows Defender. This is achieved via participation in Microsoft Virus Initiative, through which members prove they are able to provide top-level security for Windows.

  • Member of Anti Phishing Working Group

    With phishing now one of the main threats to businesses and individuals – and Acronis products protecting against it – we are proud to contribute to the industry by being a member of the Anti Phishing Working Group.

  • Proud member of AMTSO

    As part of the Anti-Malware Testing Standards Organization (AMTSO), Acronis is helping to develop proper standards for testing security solutions, and we participate in tests that adhere to AMTSO’s standards.

  • Member of The Messaging, Malware and Mobile Anti-Abuse Working Group

    In this international information technology industry forum, Acronis contributes and discusses how to reduce the threat from bots, malware, spam, viruses, DoS attacks, and other online exploitations with other industry players.

  • ML contributor to VirusTotal

    Membership in AMTSO allowed Acronis to contribute our Machine Learning engine to VirusTotal, enabling all users around the world to benefit from our technology’s ability to detect various online data threats.

Resources

Sorry, your browser is not supported.

It seems that our new website is incompatible with your current browser's version. Don’t worry, this is easily fixed! To view our complete website, simply update your browser now or continue anyway.

© 2003–2022 Acronis International GmbH. All rights reserved.
Legal information