Commvault: Your Data Protected

In the face of millions of threats and billions of vulnerabilities, the only way to protect anything is to protect everything. As your trusted partner, Commvault’s data security, protection, and privacy help you address the ever-changing threat landscape and regulatory environment to move forward with confidence.


No matter where your data resides, Commvault can ensure it’s secure, defended, protected, and encrypted.

We adhere to industry-leading standards so our organization – and yours – remain compliant.

We align with industry best practices to prioritize the confidentiality, integrity, and availability of your data.

We respect your privacy and are committed to providing transparency into our data management practices.


Industry Standards and Certifications

Commvault meets the most stringent industry standards and security certifications to ensure our customers’ data confidentiality, integrity, and availability are fully protected in accordance with US and international standards.

  • FIPS 140-2 Compliant

    Validates cryptographic modules for encryption and document processing for handling sensitive data.

    Note: FIPS 140-3 pending CMVP review.

  • ISO/IEC 27001:2013 Certified

    Establishes international standards for managing risks to the security of information.

    Applicable for Metallic and Remote Managed Services (RMS) Platform.

  • NIST 800-53 CP9 & CP10 Compliant

    Establishes standards for contingency planning and configuration management to maintain the security of information systems and protect sensitive data from unauthorized access or modification.

  • VPAT 2.0 – WCAG and 508 Compliant

    Describes the accessibility of Commvault Solutions in conformance with Section 508 of the Rehabilitation Act of 1973.

  • SOC 2 Type II Certified

    Assesses ability to meet overall security policies, including availability, processing integrity, confidentiality, and privacy standards.

    Applicable for Metallic and RMS.

  • FedRAMP High In Process – In PMO Review

    The most stringent confidentiality, accessibility, and availability standards set forth for US government contractors and agencies. See Metallic Government Cloud for more information.

    Applicable for Metallic.

  • Center for Internet Security Benchmarks

    Establishes standards for configuring and safeguarding IT systems, software, and networks.

  • PCI Certified

    Provides security standards and criteria for the acceptance, processing, storage, and transmission of credit card information.

    Applicable for Metallic.

  • CJIS

    Provides data security standards for organizations handling criminal justice and law enforcement-centric data.

    Applicable for Metallic.

For more information on Commvault’s certifications and compliance, visit our documentation site here.


In a data-driven world, security is everything

For any business today, data is the most important asset you have. Security is more than table stakes; it’s the heart of your business—and ours. Commvault’s Information Security Program provides the information needed for our management and board of directors to make well-informed decisions on our overall information security strategy to protect our data—and yours.

How we keep your data secure

We follow industry best practices to continuously monitor security threats and remediate data risks in a single cloud-based experience while leveraging built-in intelligence to stay ahead of threats. Additionally, we help customers integrate security into products from the planning stage through design, development, testing, and deployment.

A proactive approach to security and compliance

Our information security governance framework allows us to:

  • Categorize, prioritize, and mitigate risk and threats
  • Identify, remediate, and recover from incidents
  • Understand our risk posture and maturity levels
  • Adopt a risk-based approach to our security footprint

Pillars of our Information Security Governance Framework


We align business and IT strategies with organizational objectives to help us stay true to our mission to help customers protect their data in a difficult world.


We turn strategy into action by fostering a security culture across the organization and integrating security into all business processes.


We execute our program with a growth mindset and invest in our people, systems, and technology to continuously evolve and innovate.


We continuously monitor the effectiveness of our program to help us improve our security posture and stay ahead of the evolving threat landscape.


Proven Protection. No compromises.

See why our customers trust us to enable secure experiences

Commvault is committed to supporting our customers’ compliance with data protection laws, and prioritizes the privacy and security of the data we protect with our entire product suite.


From zero trust to zero loss

Future-proof protection starts with zero-trust security to safeguard endpoints, SaaS applications, and hybrid cloud environments from loss.

Governance, risk and compliance

Efficiently manage governance, risk, and compliance (GRC) with our integrated tech stack and single-pane-of-glass console.

Commvault Complete™

Ensure data availability and business continuity across your on-prem and cloud environments using a single extensible platform.

HyperScale X™

Accelerate hybrid cloud adoption, scale-out as needed, and manage data workloads from a single intuitive platform.

Metallic®

Protect and recover your entire data estate, with the simplicity of Metallic SaaS.

Security Notices and Alerts

To report vulnerabilities, please visit our documentation site.