Commvault: Your Data Protected

In the face of countless threats, safeguarding data takes a layered, proven, and secure-by-design approach. As your trusted partner, Commvault’s hardened, zero-trust protocols protect business data at its core while meeting the most stringent security standards for government agencies and businesses alike.

Data security you can trust

From the data center to the cloud, Commvault delivers trusted security, compliance, and resiliency across our award-winning services.

Compliance

We adhere to stringent regulatory standards so our organization, and yours, remain compliant.

Security

We meet rigorous and progressive security best practices, always prioritizing the confidentiality, integrity, and availability of your data.

Privacy

We respect your privacy and are committed to providing transparency into our data management practices.

Certifications & Compliances

Get certified and compliant

FIPS 140-2 Compliant

Validates cryptographic modules for encryption and document processing for handling sensitive data.

Note: FIPS 140-3 pending CMVP review.

ISO/IEC 27001: 2013 Certified

Establishes international standards for managing risks to the security of information.

Applicable for Commvault Cloud SaaS customers and Remote Managed Services (RMS) Platform.

NIST 800-53 CP9 & CP10 Compliant

Establishes standards for contingency planning and configuration management to maintain the security of information systems and protect sensitive data from unauthorized access or modification.

VPAT 2.0 — WCAG and 508 Compliant

Describes the accessibility of Commvault Solutions in conformance with Section 508 of the Rehabilitation Act of 1973.

SOC 2 Type II Certified

Provides security standards and criteria for the acceptance, processing, storage, and transmission of credit card information.

Applicable for Commvault Cloud SaaS customers.

FedRAMP High Authorized

The most stringent confidentiality, accessibility, and availability standards set forth for US government contractors and agencies. See Metallic Government Cloud for more information.

Applicable for Commvault Cloud SaaS customers.

Center for Internet Security Benchmarks

Establishes standards for configuring and safeguarding IT systems, software, and networks.

PCI Certified

Provides security standards and criteria for the acceptance, processing, storage, and transmission of credit card information.

Applicable for Commvault Cloud SaaS customers.

CJIS

Provides data security standards for organizations handling criminal justice and law enforcement-centric data.

Applicable for Commvault Cloud SaaS customers.

IRAP

The Australian Infosec Registered Assessor Program (IRAP) offers a robust security assessment framework for systems, services, and applications.
 
Applicable for Commvault Cloud SaaS customers.

Trusted Security

In a data-driven world, security is everything

Security is more than table stakes; it’s the heart of your business—and ours. Commvault’s Information Security Program provides the information needed for our management and board of directors to make well-informed decisions on our overall information security strategy to protect our data—and yours.

How we keep your data secure

We follow industry best practices to continuously monitor security threats and remediate data risks in a single cloud-based experience while leveraging built-in intelligence to stay ahead of threats. Additionally, we help customers integrate security into products from the planning stage through design, development, testing, and deployment.

A proactive approach to security and compliance

Our information security governance framework allows us to:

Categorize, prioritize, and mitigate risk and threats
Identify, remediate, and recover from incidents
Understand our risk posture and maturity levels
Adopt a risk-based approach to our security footprint

Pillars of our Information Security Governance Framework

Strategy

We align business and IT strategies with organizational objectives to help us stay true to our mission to help customers protect their data in a difficult world.

Implementation

We turn strategy into action by fostering a security culture across the organization and integrating security into all business processes.

Operation

We execute our program with a growth mindset and invest in our people, systems, and technology to continuously evolve and innovate.

Monitoring

We continuously monitor the effectiveness of our program to help us improve our security posture and stay ahead of the evolving threat landscape.

Security & Privacy

Proven Protection. No compromises.

Commvault is committed to supporting our customers' compliance with data protection laws and prioritizes the privacy and security of the data we protect with our entire product suite.

Privacy Policy
Responsible AI Policy
Data Processing Agreement
List of Sub-Processors
Government Access Policy
Shared Responsibility Model

Data Sovereignty

To help global businesses fulfill their data residency and compliance requirements, Commvault Cloud customers have full control over where their data lives.

For more information, please visit our Documentation site.

From zero trust to zero loss

Future-proof protection starts with zero-trust security to safeguard endpoints, SaaS applications, and hybrid cloud environments from loss.

Readiness & response

Achieve cyber resilience with predictable, rapid and scalable recovery – at the best TCO.

Risk governance

Improve your data security posture by proactively locating and remediating risks across all your production and backup data.  

Early warning

Spot threats sooner, minimize the blast radius and lower your risk exposure.

Cyber recovery

Data resiliency with advanced preparedness, automated validation and rapid recovery – at scale.

Frequently Asked Questions (FAQs)

To report vulnerabilities, please visit our documentation site.