Acronis
Company Policy

Full-cycle security

Since 2003, Acronis has been an innovator in ensuring the security and privacy of the data it protects. Acronis maintains a comprehensive information security and compliance program that includes administrative, physical, and technical controls based on ongoing risk assessments. Acronis information security policies and processes are based on broadly accepted international security standards such as ISO 27001 or the National Institute of Standards and Technology (NIST), and take into account the requirements of related local regulation frameworks such as European Union’s General Data Protection Regulation (GDPR) and the United States’ Health Insurance Portability and Accountability Act (HIPAA).

Acronis Cloud Data centers – A Primer on Security, Privacy, and CompliancePDF, 0.5 MB

Encryption for security

With end-to-end encryption at every stage – at rest, in transit, or in cloud storage – Acronis products ensure your data is always safe, secure, and private. Data is encrypted using the enterprise-grade AES-256 algorithm for Acronis at-rest storage and protected by a user-defined password, so only you have access. Even the metadata communications between your system and the Acronis Cloud are encrypted for total security.
Encryption for security

Secure code: transparent development with security in mind

Protecting customer data from modern threats means our products must be developed with security in mind. Acronis achieves this objective by:

  •  Applying Secure Software Development Life Cycle (S-SDLC) which focuses on incorporating security into the development cycle.

  •   Developing and continuously maintaining a corporate culture dedicated to security.

Acronis recognizes the existence of credible information security threats. In addition, all our developers regularly train on the latest security development practices, which are implemented across our R&D organization.

Secure code: transparent development with security in mind

Bug bounty program

Have you found a security issue?

Please report it to us and we will take care that you are fairly awarded for your discovery!

Report

As leaders in cyber protection, we develop our products with a focus on security, ensuring efficient data protection. Our dedicated Application Security, Infrastructure, SOC, and Compliance teams work tirelessly to ensure vulnerability-free products that customers can rely on for protection against modern cyberthreats.

To support these efforts, Acronis has been running a bug bounty program on HackerOne since 2018. We work closely with the security community and embrace researchers who contribute toward the optimization of our products. If you believe you have found a security issue, please report it to us and we will take care that you are fairly awarded for your discovery!

As a partner of the CVE® Program, Acronis is a CVE Numbering Authority (CNA) responsible for publishing disclosed cybersecurity vulnerabilities as CVE Records for all Acronis products. For information on security advisories and updates, see Acronis Security Advisory Database.

Secure data centers

Acronis operates a global network of cloud data centers that are built to provide the highest levels of safety, security, and accessibility.
Secure data centers
  • High data availability
    High data availability
    Ensuring that your organization’s mission-critical data has one of the highest levels of availability, leveraging data centers that provide redundant HVAC, network and UPS systems. Acronis follows the approach of Need plus Two (N+2) for greater redundancy. If there is a failure in a hardware-layer component, it will not affect Acronis’ critical infrastructure or Acronis customers. Acronis stores customer data employing its own software-defined storage solution, Acronis Cyber Infrastructure with Acronis CloudRAID technology.
  • Guarded physical locations
    Guarded physical locations
    Data centers are physically defended 24/7 by security personnel, high fences, and video surveillance, while on-site entry requires biometric and key card access. Strict access control measures ensure that only authorized personnel have access to the data center.
  • Reliable facility management
    Reliable facility management
    Equipped with UPS and backup diesel-generators, Acronis data centers can provide a continuous supply of electricity through undefined power outages of up to 48 hours. HVAC, fire detection and suppression systems, alarms, and monitoring by surveillance cameras (CCTV) allow Acronis to provide a reliable infrastructure.
  • Location choice for your data
    Location choice for your data
    The global nature of our data center network means your data can be stored where you want, ensuring your regulatory compliance and connectivity requirements are met.
*Exact list of certifications and standards may vary for specific data center, please request additional information from your account manager.
About data centers

Commitment to compliance

To ensure that customers can trust our commitment to secure, private, professional product development, Acronis is ISO/IEC 27001:2013 and HDS:2018 certified, and Acronis is committed to complying with applicable privacy laws including GDPR and HIPAA where applicable, confirmed by independent, third-party audits.

Data protection regulations
Global privacy developments pose a significant compliance burden on businesses, especially for those operating worldwide. Acronis is committed to complying with local data protection regulations, including the GDPR, the California Consumer Privacy Act (CCPA) or the Brazilian General Personal Data Protection Law (LGPD) to name a few. Acronis products and services are developed with privacy in mind. Our internal processes and procedures are set up in line with the strictest data protection guidelines, allowing customers to benefit from using a compliant and reliable provider.
Data protection regulations
ISO/IEC 27001:2013

Acronis implements Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2013 framework for information security, which has become an industry gold standard. Acronis has been certified by the independent third-party auditors of the British Standards Institution (BSI). Acronis is dedicated to continually improving its security posture by enhancing and maturing our ISMS based on latest best practices. Acronis ISO27001 certificate is available here.

Additionally, Acronis has obtained two certifications which extend general ISO 27001 requirements to: Information security controls for cloud services (ISO 27017:2015); and Protection of personally identifiable information (PII) in cloud (ISO 27018:2019).

ISO/IEC 27001:2013
SOC 2
Acronis has pursued obtaining the System and Organization Controls 2 (SOC 2®) report for service organizations. The standard applies trust services criteria and requirements for organizations, which manage customers’ data. Acronis obtained SOC 2 Type 1 compliance for the services we provide through the Acronis Cyber Cloud platform. Acronis is implementing controls for preserving the security, availability, confidentiality and processing integrity of the information. If you want to get our current SOC 2 report please contact your account manager or support.
SOC 2
PCI DSS

Acronis has successfully passed an independent audit against the Payment Card Industry (PCI) Data Security Standards (DSS). The Qualified Security Assessor has validated Acronis compliance with the PCI DSS 3.2.1 for Level 1 Service Provider.

The current scope of the attestation covers Acronis Cyber Protect Cloud operating in enhanced security mode in several data centers in U.S. and EMEA. Acronis PCI DSS certificate is available here.

PCI DSS
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the subsequent Health Information Technology for Economic and Clinical (HITECH) Act of 2009 are US regulations aimed at protecting the privacy and security of medical information. The HIPAA rules requirements have emerged into greater prominence in recent times with the proliferation of health data breaches caused by cyberattacks and ransomware attacks on health insurers and providers. There is no official, legally recognized HIPAA compliance certification process or accreditation. HIPAA compliance resides on an ongoing commitment, which includes the implementation of different administrative, technical, and physical safeguards. Acronis supports multiple services (or products). Therefore, individual Acronis service functions and HIPAA compliance status can vary depending on the service and data center used. Please speak with your account manager to clarify the compliance status of particular services and data centers.
HIPAA
HDS
Introduced by the French governmental agency for health, “L’Agence du Numérique en Santé” (ASIP Santé), the HDS certification aims to strengthen the security and protection of personal health data. Acronis has achieved certification for HDS data hosting in Strasbourg. Compliance with HDS requirements demonstrates that we provide a framework for technical and governance measures to secure and protect personal health data, as governed by the French law. The HDS certification from an independent third-party auditor validated that Acronis ensures data confidentiality, integrity, and availability to its customers and partners. Acronis HDS certificate is available here.
HDS
Cyber threats insights
Technical details into the latest malware, vulnerabilities, and cyberattacks
Acronis
In cyberattacks, SMBs face an existential threat
17 July 2021 — 2 min read
Acronis
17 July 2021 — 2 min read
Acronis awarded OPSWAT Platinum Certification for Anti-Malware
Acronis Cyber Protection Agent 15.x for Windows has been granted OPSWAT Platinum Certification for Anti-Malware in July 2021. This represents another step forward for our cyber protection technology, which had previously earned Gold Certification, and demonstrates Acronis’ continued focus on refining the effectiveness and compatibility of our solutions, meeting the needs of the ever-evolving cyberthreat and IT landscapes.
14 July 2021 — 5 min read
Acronis
14 July 2021 — 5 min read
Acronis protects customer’s server in REvil attack on Kaseya
The recent supply-chain attack on Kaseya by the REvil ransomware group impacted dozens of managed service providers (MSPs) who rely on Kaseya VSA, as well as thousands of small businesses that are managed by those MSPs. While the initial ransom demand was dropped from $70 million to $50 million, the pain and frustration of those targeted rose steadily during the incident.
Latest news
Securing the industry

  • Member of the Open Web Application Security Project

    The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. For nearly two decades corporations, foundations, developers, and volunteers have supported the OWASP Foundation and its work. Acronis has joined the OWASP to contribute more to various application security projects. Being a company that promotes and follows a security development lifecycle, Acronis pays a lot of attention to application security. Among many projects run by the OWASP community, Acronis is interested in working on web application vulnerability scanners.

  • Cloud Security Alliance member

    Cloud Security Alliance (CSA) Security Trust, Assurance and Risk (STAR) is the industry’s most powerful program for security assurance in the cloud. STAR encompasses key principles of transparency, rigorous auditing, and harmonization of standards. The STAR program provides multiple benefits, including indications of best practices and validation of security posture of cloud offerings. As Acronis focuses on cloud workloads and their protection, membership in Cloud Security Alliance is natural. We completed an assessment for CSA’s STAR Level 1 certification, giving more confidence to our prospects, partners, and customers.

  • Member of Microsoft Virus Initiative

    Acronis Cyber Protect is certified as an official anti-malware solution for Windows that can replace Windows Defender. This is achieved via participation in Microsoft Virus Initiative, through which members prove they are able to provide top-level security for Windows.

  • Member of Anti Phishing Working Group

    With phishing now one of the main threats to businesses and individuals – and Acronis products protecting against it – we are proud to contribute to the industry by being a member of the Anti Phishing Working Group.

  • Proud member of AMTSO

    As part of the Anti-Malware Testing Standards Organization (AMTSO), Acronis is helping to develop proper standards for testing security solutions, and we participate in tests that adhere to AMTSO’s standards.

  • Member of The Messaging, Malware and Mobile Anti-Abuse Working Group

    In this international information technology industry forum, Acronis contributes and discusses how to reduce the threat from bots, malware, spam, viruses, DoS attacks, and other online exploitations with other industry players.

  • ML contributor to VirusTotal

    Membership in AMTSO allowed Acronis to contribute our Machine Learning engine to VirusTotal, enabling all users around the world to benefit from our technology’s ability to detect various online data threats.

  • Member of the Open Web Application Security Project

    The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. For nearly two decades corporations, foundations, developers, and volunteers have supported the OWASP Foundation and its work. Acronis has joined the OWASP to contribute more to various application security projects. Being a company that promotes and follows a security development lifecycle, Acronis pays a lot of attention to application security. Among many projects run by the OWASP community, Acronis is interested in working on web application vulnerability scanners.

  • Cloud Security Alliance member

    Cloud Security Alliance (CSA) Security Trust, Assurance and Risk (STAR) is the industry’s most powerful program for security assurance in the cloud. STAR encompasses key principles of transparency, rigorous auditing, and harmonization of standards. The STAR program provides multiple benefits, including indications of best practices and validation of security posture of cloud offerings. As Acronis focuses on cloud workloads and their protection, membership in Cloud Security Alliance is natural. We completed an assessment for CSA’s STAR Level 1 certification, giving more confidence to our prospects, partners, and customers.

  • Member of Microsoft Virus Initiative

    Acronis Cyber Protect is certified as an official anti-malware solution for Windows that can replace Windows Defender. This is achieved via participation in Microsoft Virus Initiative, through which members prove they are able to provide top-level security for Windows.

  • Member of Anti Phishing Working Group

    With phishing now one of the main threats to businesses and individuals – and Acronis products protecting against it – we are proud to contribute to the industry by being a member of the Anti Phishing Working Group.

  • Proud member of AMTSO

    As part of the Anti-Malware Testing Standards Organization (AMTSO), Acronis is helping to develop proper standards for testing security solutions, and we participate in tests that adhere to AMTSO’s standards.

  • Member of The Messaging, Malware and Mobile Anti-Abuse Working Group

    In this international information technology industry forum, Acronis contributes and discusses how to reduce the threat from bots, malware, spam, viruses, DoS attacks, and other online exploitations with other industry players.

  • ML contributor to VirusTotal

    Membership in AMTSO allowed Acronis to contribute our Machine Learning engine to VirusTotal, enabling all users around the world to benefit from our technology’s ability to detect various online data threats.

Resources

Sorry, your browser is not supported.

It seems that our new website is incompatible with your current browser's version. Don’t worry, this is easily fixed! To view our complete website, simply update your browser now or continue anyway.

© 2003–2023 Acronis International GmbH. All rights reserved.
Legal information