Veeam Trust Center

Veeam Takes Data Security Seriously to Ensure Your Data Is Protected

Industry Standards and Certifications

Veeam is continuously investing, innovating, and adding to industry and regulatory credentials to help ensure your data is protected and secure. Visit Veeam's Compliance Portal (login required) for a more in-depth look at our security and compliance controls, policies, and practices, along with evidence for your risk assessments and assurance activities.

	SOC 2 Type 2 reviews an organization’s design of internal controls to assess compliance posture and determine whether the implemented controls meet the framework's requirements. Check out the Compliance Portal for more details. ACCESS COMPLIANCE PORTAL Login required
	ISO, the International Organization for Standardization, brings global experts together to agree on the best way of doing things – for anything from making a product to managing a process. ISO provides globally recognized frameworks, including for information security, cybersecurity, quality management, and data protection. These frameworks help organizations build robust security programs that align with industry and legal requirements. Check out the Compliance Portal for more details. ACCESS COMPLIANCE PORTAL Login required
	HIPAA / HITECH Type 2 Attestations are an independent third-party assessment that evaluates an organization’s compliance with HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health At) security, privacy, and breach notification requirements over a specific period. Check out the Compliance Portal for more details. ACCESS COMPLIANCE PORTAL Login required
	Veeam Backup & Replication v12.1 has obtained the Department of Defense Information Network Approved Products List (DoDIN APL) certification. This prestigious certification validates Veeam's commitment to meet the most stringent security, interoperability and supportability requirements of the Department of Defense's (DoD) complex network environments. See certificate
	Common Criteria (CC) is an international set of guidelines and specifications developed for evaluating information security products, specifically to ensure they meet an agreed-upon security standard for government deployments. See certificate
	Veeam aligns its cybersecurity program with the NIST Cybersecurity Framework (CSF), contributed to the NIST Special Publication 1800-11 (Data Integrity: Recovering from Ransomware and Other Destructive Events) and meets FIPS 140-2 compliance. See certificate
	The Federal Risk and Authorization Management Program (FedRAMP®) provides a standardized approach to security authorizations for Cloud Service Offerings for the United States Federal Government. SEE FedRAMP STATUS

Swipe to show more of the table

SOC 2 Type 2 reviews an organization’s design of internal controls to assess compliance posture and determine whether the implemented controls meet the framework's requirements. Check out the Compliance Portal for more details. Access Compliance Portal Login required
ISO, the International Organization for Standardization, brings global experts together to agree on the best way of doing things – for anything from making a product to managing a process. (ISO) provides globally recognized frameworks, including for information security, cybersecurity, quality management, and data protection. These frameworks help organizations build robust security programs that align with industry and legal requirements. Check out the Compliance Portal for more details. Access Compliance Portal Login required
HIPAA / HITECH Type 2 Attestations are an independent third-party assessment that evaluates an organization’s compliance with HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health At) security, privacy, and breach notification requirements over a specific period. Check out the Compliance Portal for more details. Access Compliance Portal Login required
Veeam Backup & Replication v12.1 has obtained the Department of Defense Information Network Approved Products List (DoDIN APL) certification. This prestigious certification validates Veeam's commitment to meet the most stringent security, interoperability and supportability requirements of the Department of Defense's (DoD) complex network environments. See certificate
Common Criteria (CC) is an international set of guidelines and specifications developed for evaluating information security products, specifically to ensure they meet an agreed-upon security standard for government deployments.  See certificate
Veeam aligns its cybersecurity program with the NIST Cybersecurity Framework (CSF), contributed to the NIST Special Publication 1800-11 (Data Integrity: Recovering from Ransomware and Other Destructive Events) and meets FIPS 140-2 compliance.  See certificate
The Federal Risk and Authorization Management Program (FedRAMP®) provides a standardized approach to security authorizations for Cloud Service Offerings for the United States Federal Government. SEE FedRAMP STATUS

SOC 2 Type 2 reviews an organization’s design of internal controls to assess compliance posture and determine whether the implemented controls meet the framework's requirements. Check out the Compliance Portal for more details.

Access Compliance Portal

Login required

ISO, the International Organization for Standardization, brings global experts together to agree on the best way of doing things – for anything from making a product to managing a process. (ISO) provides globally recognized frameworks, including for information security, cybersecurity, quality management, and data protection. These frameworks help organizations build robust security programs that align with industry and legal requirements. Check out the Compliance Portal for more details.

Access Compliance Portal

Login required

HIPAA / HITECH Type 2 Attestations are an independent third-party assessment that evaluates an organization’s compliance with HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health At) security, privacy, and breach notification requirements over a specific period. Check out the Compliance Portal for more details.

Access Compliance Portal

Login required

Veeam Backup & Replication v12.1 has obtained the Department of Defense Information Network Approved Products List (DoDIN APL) certification. This prestigious certification validates Veeam's commitment to meet the most stringent security, interoperability and supportability requirements of the Department of Defense's (DoD) complex network environments.

See certificate

Common Criteria (CC) is an international set of guidelines and specifications developed for evaluating information security products, specifically to ensure they meet an agreed-upon security standard for government deployments. 

See certificate

Veeam aligns its cybersecurity program with the NIST Cybersecurity Framework (CSF), contributed to the NIST Special Publication 1800-11 (Data Integrity: Recovering from Ransomware and Other Destructive Events) and meets FIPS 140-2 compliance. 

See certificate

The Federal Risk and Authorization Management Program (FedRAMP®) provides a standardized approach to security authorizations for Cloud Service Offerings for the United States Federal Government.

SEE FedRAMP STATUS

Swipe to show more of the table

Security & Risk Management

Veeam is endlessly integrating security and risk management into every step of our business – so you can trust your data stays protected, always. Visit Veeam's Compliance Portal (login required) for a more in-depth look at our security and compliance controls, policies, and practices, along with evidence for your risk assessments and assurance activities.

	Products designed with Secure by Design principles prioritize the security of customers as a core business requirement, rather than merely treating it as a technical feature. Veeam has signed the Security by Design Pledge and affirmed our adherence to secure development practices. See Attestation Form RSAA login required

Swipe to show more of the table

Products designed with Secure by Design principles prioritize the security of customers as a core business requirement, rather than merely treating it as a technical feature. Veeam has signed the Security by Design Pledge and affirmed our adherence to secure development practices. See Attestation Form RSAA login required

Products designed with Secure by Design principles prioritize the security of customers as a core business requirement, rather than merely treating it as a technical feature. Veeam has signed the Security by Design Pledge and affirmed our adherence to secure development practices.

See Attestation Form

RSAA login required

Swipe to show more of the table

EXCLUSIVE INTERVIEW

Journey to Cyber Security

Learn from Sue Gordon, Former Deputy Director of US National Intelligence, about the importance of public and private partnership in the journey to cyber security.

FAQs

How can I obtain more information about Veeam’s security compliance and/or certifications?

Please contact your sales representative for more information. If you do not have a sales representative, Contact Us.

How does Veeam ensure compliance with government data protection regulations?

Veeam's solutions are meticulously designed to meet government data protection regulations. By deploying robust encryption methods and adhering to standards like FIPS 140-2, we ensure comprehensive compliance.

Are there any specific certifications or accreditations that Veeam holds for government data protection?

Veeam holds numerous certifications pertinent to government data protection, including DoDIN APL, APL SOCOM, and FIPS 140-2, demonstrating our commitment to the highest compliance standards.

Does Veeam sell or share customer data with third parties?

Veeam commits to our Privacy Policy and will not sell your data, nor give any of your data to third parties (including law enforcement, other government entity, or civil litigant) except as you direct, or as required by law.

How can I report a security concern?

If you have a security concern involving a Veeam product or website, report it via the Submit a Vulnerability Report Form. Veeam will conduct a thorough investigation of each report and take appropriate action for resolution as needed.

Radical Resilience is Our Difference

With Veeam by your side, you have the flexibility you want for today’s
hybrid cloud and the confidence you need for long-term success.

2023 Ransomware Trends Report

Lessons learned from 1,200 victims and nearly 3,000 cyber attacks

Get report

View a Demo

Learn how to modernize your data protection in a live session

View demo

Contact Us

Get help selecting the right solution for your organization

Get started

Veeam Takes Data Security Seriously to Ensure Your Data Is Protected

Industry Standards and Certifications

Security & Risk Management

Journey to Cyber Security

FAQs

How can I obtain more information about Veeam’s security compliance and/or certifications?

How does Veeam ensure compliance with government data protection regulations?

Are there any specific certifications or accreditations that Veeam holds for government data protection?

Does Veeam sell or share customer data with third parties?

How can I report a security concern?

Radical Resilience is Our Difference

Request Custom Demo

Thank you!

Oops! Something went wrong.