Aiven Security

We care about your data. Aiven provides fully managed security for all our services so that our customers can keep their data secure and stay compliant.

Business continuity

Aiven provides 99.99% SLA backed by a 24/7 support and engineering team to make sure that your mission-critical workloads are always up and running. We support Multi-Cloud (AWS, Google Cloud, Azure and others) and multi-AZ deployments, with built-in backup and automatic failover.

Use case

Disaster recovery strategies to handle partial or complete regional outages.

Dedicated VM’s per customer, no multi-tenancy
Multi-Cloud, Multi-Zone deployment
Automatic failover

Secure access

Security starts with the right level of access. Aiven provides secure single sign-on to all your environments with SAML integration, regardless of where you run your workloads. All data is fully encrypted end-to-end at rest and in transit. We also work with bugcrowd for active whitehat hacker bug bounty programs.

Use case

Dedicated VPC Peering on Aiven Cloud to provide fine grained network access control.

At-rest and in-transit encryption
SSO/SAML integration
VPC Peering
BYOC Deployment
PrivateLink for AWS and Azure

Compliance

Our services are ISO 27000-series, GDPR, CCPA, HIPAA and PCI-DSS compliant. We also provide ISAE 3000/SOC2 Type II reports. We continually and actively expand our compliance coverage against the most important global standards.

Use case

Protecting customer’s data privacy is the core tenant of Aiven. We meet the most stringent industry security standards and regulations.

ISAE 3000, ISO27K, GDPR, CCPA, HIPAA and PCI DSS
Automated security update
Annual Security Testing

Sustainability

Discover how we’re putting our sustainability commitments into action: our latest Sustainability Report and Carbon Footprint Report highlight the steps we’ve taken — and the data behind them.

Learn more

Compliance & Privacy

We know that compliance and privacy aren’t “nice-to-haves” — they’re requirements.

ISO/IEC 27001:2022

Certificate no. FI240523-151

Published by the International Organization for Standardization and the International Electrotechnical Commission, ISO/IEC 27001 is the standard for Information Security Management Systems (ISMS).

Compliant since: 2018

View certificate

ISO/IEC 27017:2021

Certificate no. FI240523-151

As part of the ISO/IEC 27000 family, ISO/IEC 27017 is the security standard for cloud services.

Compliant since: 2022

View certificate

ISO/IEC 27018:2020

Certificate no. FI240523-151

ISO/IEC 27018 is the standard for protection of personally identifiable information (PII) in the public clouds.

Compliant since: 2022

View certificate

ISO/IEC 27701:2019

Certificate no. FI240523-152

ISO/IEC 27701 is the standard for Privacy Information Management Systems (PIMS).

Compliant since: 2022

View certificate

ISAE 3000 Type 2

The ISAE 3000 Type 2 report provides information and assurance on the security and reliability of Aiven's services. The document is aligned with AICPA SOC2 Trust Services Criteria. Download the full report through our Whistic Profile.

Compliant since: 2019

View report

PCI DSS

Payment Card Industry Data Security Standard is a standard for secure handling of credit card information.

Compliant since: 2020

HIPAA

Health Insurance Portability and Accountability Act regulates the protection of sensitive patient health information in the US.

Compliant since: 2018

GDPR

The General Data Protection Regulation regulates data protection and privacy of individuals in the EU and European Economic Area.

Compliant since: 2017

CCPA

The California Consumer Privacy Act regulates privacy of consumers in California.

Compliant since: 2020

Security

Aiven provides fully managed security for all our services so that your data stays secure and you stay compliant.

Dedicated virtual machines

Some cloud vendors use multi-tenant virtual machines to reduce costs — but we deliver all Aiven software on dedicated virtual machines for the best security for every customer.

Encryption for data in transit and at rest

We enforce Transport Layer Security (TLS) encryption for connections used in transferring data and encrypt it when it is on the disk.

Complete network security

All Aiven nodes are behind a firewall. You can specify the IP addresses that your users are permitted to connect from. We offer BYOC (bring your own cloud) in our cloud services.

Secure access

Aiven provides secure single sign-on (SSO) to all your environments with SAML integration — with Auth0, Google, Okta, Azure AD, OneLogin, and more — regardless of where you run your workloads.

Automated security updates

Aiven automatically installs all security updates to make sure that your software is kept current.

Annual security testing

We subject ourselves to an annual, externally conducted security evaluation for all our managed cloud services, and we run a continuous public bug bounty program through bugcrowd. Our Internal Security Operations team also conducts periodic security assessments.

Have a question?

Have a question about compliance, privacy, or security? Leave us a message and we will get back to you.