Commvault: Your Data Protected
In the face of countless threats, safeguarding data takes a layered, proven, and secure-by-design approach. As your trusted partner, Commvault’s hardened, zero-trust protocols protect business data at its core while meeting the most stringent security standards for government agencies and businesses alike.
Data security you can trust
From the data center to the cloud, Commvault delivers trusted security, compliance, and resiliency across our award-winning services.
Compliance
We adhere to stringent regulatory standards so our organization, and yours, remain compliant.
Security
We meet rigorous and progressive security best practices, always prioritizing the confidentiality, integrity, and availability of your data.
Privacy
We respect your privacy and are committed to providing transparency into our data management practices.
Certifications & Compliances
Get certified and compliant
FIPS 140-2 Compliant
Validates cryptographic modules for encryption and document processing for handling sensitive data.
Note: FIPS 140-3 pending CMVP review.
ISO/IEC 27001:2013 Certified
Establishes international standards for managing risks to the security of information.
Applicable for Commvault Cloud SaaS customers and Remote Managed Services (RMS) Platform.
NIST 800-53 CP9 & CP10 Compliant
Establishes standards for contingency planning and configuration management to maintain the security of information systems and protect sensitive data from unauthorized access or modification.
VPAT 2.0 — WCAG and 508 Compliant
Describes the accessibility of Commvault Solutions in conformance with Section 508 of the Rehabilitation Act of 1973.
SOC 2 Type II Certified
Provides security standards and criteria for the acceptance, processing, storage, and transmission of credit card information.
Applicable for Commvault Cloud SaaS customers.
FedRAMP High Authorized
The most stringent confidentiality, accessibility, and availability standards set forth for US government contractors and agencies. See Government Cloud for more information.
Applicable for Commvault Cloud SaaS customers.
Center for Internet Security Benchmarks
Establishes standards for configuring and safeguarding IT systems, software, and networks.
PCI Certified
Provides security standards and criteria for the acceptance, processing, storage, and transmission of credit card information.
Applicable for Commvault Cloud SaaS customers.
CJIS
Provides data security standards for organizations handling criminal justice and law enforcement-centric data.
Applicable for Commvault Cloud SaaS customers.
IRAP
The Australian Infosec Registered Assessor Program (IRAP) offers a robust security assessment framework for systems, services, and applications.
Applicable for Commvault Cloud SaaS customers.
Trusted Security
In a data-driven world, security is everything
Security is more than table stakes; it’s the heart of your business—and ours. Commvault’s Information Security Program provides the information needed for our management and board of directors to make well-informed decisions on our overall information security strategy to protect our data—and yours.
How we keep your data secure
We follow industry best practices to continuously monitor security threats and remediate data risks in a single cloud-based experience while leveraging built-in intelligence to stay ahead of threats. Additionally, we help customers integrate security into products from the planning stage through design, development, testing, and deployment.
A proactive approach to security and compliance
Our information security governance framework allows us to:
Categorize, prioritize, and mitigate risk and threats
Identify, remediate, and recover from incidents
Understand our risk posture and maturity levels
Adopt a risk-based approach to our security footprint
Pillars of our Information Security Governance Framework
Strategy
We align business and IT strategies with organizational objectives to help us stay true to our mission to help customers protect their data in a difficult world.
Implementation
We turn strategy into action by fostering a security culture across the organization and integrating security into all business processes.
Operation
We execute our program with a growth mindset and invest in our people, systems, and technology to continuously evolve and innovate.
Monitoring
We continuously monitor the effectiveness of our program to help us improve our security posture and stay ahead of the evolving threat landscape.
Security & Privacy
Proven Protection. No compromises.
Commvault is committed to supporting our customers’ compliance with data protection laws and prioritizes the privacy and security of the data we protect with our entire product suite.
Privacy Policy
Responsible AI Policy
Data Processing Agreement
List of Sub-Processors
Government Access Policy
Shared Responsibility Model
Data Sovereignty
To help global businesses fulfill their data residency and compliance requirements, Commvault Cloud customers have full control over where their data lives.
For more information, please visit our Documentation site.
From zero trust to zero loss
Future-proof protection starts with zero-trust security to safeguard endpoints, SaaS applications, and hybrid cloud environments from loss.
Readiness & response
Achieve cyber resilience with predictable, rapid and scalable recovery – at the best TCO.
Risk governance
Improve your data security posture by proactively locating and remediating risks across all your production and backup data.
Reliable recovery
Advanced preparedness for resilience, your strategy for predictable, fast recovery
Frequently Asked Questions (FAQs)
Commvault maintains robust security certifications, which you can learn more about on our documentation site here. Please note they do vary from product to product.
SOC2 reports can be downloaded by existing customers and partners directly from our support portals. Click here if you are a Commvault customer. If you are a prospective customer, please ask your Sales executive for a copy of the report – we will be happy to share this with you under a Mutual Non-Disclosure Agreement (MNDA).
We do not have access to your data when you use Commvault products installed on-premises. We may process limited (if any) personal data if we provide remote managed services, professional services, or technical support. For example, we may process personal data such as the business contact details of the person raising a customer support request (e.g., email address, telephone number). Our Master Terms & Conditions, which incorporate our Data Processing Agreement, include terms to cover this limited processing.
If the customer has subscribed to one of Commvault’s SaaS offerings where we also provide data storage (using AWS or Azure infrastructure), Commvault will be a data processor for the customer if the data being stored includes personal data. To cover this, our SaaS Solution Terms & Conditions under our MTCs incorporate a DPA.
We never sell your data, nor do we give any third party (including law enforcement, other government entity, or civil litigant) direct or unfettered access to customer data except as you direct, as required by law (as per our Government Access Policy), or in accordance with our Privacy Policy.
Please visit GDPR compliance to learn more about how our solutions can help you achieve and maintain GDPR compliance.
Please reach out to privacy@commvault.com for any requests, queries, or complaints regarding your personal data.
For questions, comments, or feedback regarding Commvault’s privacy practices, contact us at privacy@commvault.com.
To report a security vulnerability in the product or get support on how to use a product security feature, please contact Commvault’s support team here. For all other questions, please visit our Contact us page.
Security vulnerability reporting is the process of identifying potential security risks and vulnerabilities in products and services and then informing the appropriate authorities of these risks and vulnerabilities. This process helps to ensure that products and services remain secure and compliant with security standards.
Existing Commvault customers should directly contact Commvault Support to report a security vulnerability and don’t need to fill out the form linked below.
All other visitors can report security vulnerabilities via an online form here.