Axon’s compliance demonstrates our commitment to providing a trustworthy platform and offers customers a way to understand the controls that have been put in place to secure Axon Evidence and their data.
ISO/IEC 27001:2013 Certified
Information Security Management Standards
The ISO/IEC 27001:2013 certificate validates that Axon has implemented the internationally recognized information security controls defined in this standard, including guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization. A copy of the certification can be downloaded here.
ISO/IEC 27018:2014 Certified
Code of Practice for Protecting Personal Data in the Cloud
The ISO/IEC 27018:2014 certificate validates that Axon has implemented the internationally recognized control objectives, controls and guidelines related to the protection of Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for a cloud computing environment. A copy of the certification can be downloaded here.
SOC 2+ Report
Axon Evidence and the Axon AI Training Center have achieved AICPA SOC 2 Type 2 reporting. A SOC 2 audit gauges the effectiveness of the services based on the AICPA Trust Service Principles and Criteria, as well as the Cloud Security Alliance Cloud Controls Matrix†, FBI Criminal Justice Information Services Security Policy and UK National Cyber Security Centre Cloud Security Principles†. The Axon SOC 2+ reports include a comprehensive description of the Axon Evidence and AI Training Center environments in addition to an assessment of the fairness of the Axon's description of its controls. The SOC 2+ evaluates whether the controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period. Axon is audited annually against the SOC reporting framework by independent third-party auditors. Contact your Axon Sales Representative to request a copy of the SOC 2+ report.
† Certification applies to Axon Evidence only
Cloud Security Alliance - CSA STAR Attestation (Level Two)
Axon has been awarded CSA STAR Attestation. STAR Attestation consists of a rigorous third party independent assessment of Axon Evidence against the CSA's Cloud Controls Matrix (CCM). Detailed results of the STAR Attestation testing are included in the Axon SOC 2+ report. A copy of Axon's CSA STAR Attestation can be downloaded here.
Cloud Security Alliance - CSA STAR Self-Assessment (Level One)
Axon's Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) response provides detailed information about how Axon fulfills the security, privacy, compliance, and risk management requirements defined in the CCM and Consensus Assessments Initiative Questionnaire (CAIQ) version 3.0.1. Customers can review Axon’s response to the CSA CCM here.
Accessibility Conformance Report - WCAG 2.0 & VPAT/Section 508
Axon has created the Axon Evidence Accessibility Conformance Report for the purpose of assessing Axon Evidence compliance with the Web Content Accessibility Guidelines (WCAG) 2.0. The report covers the degree of conformance for WCAG 2.0 and U.S. Section 508 Standards. The report is available here.
UK OFFICIAL Accreditation
Axon Evidence is suitable for supporting OFFICIAL and OFFICIAL SENSITIVE data. The Axon Evidence service is accredited to store, forward and process information, which is at Business Impact Level (BIL) 2 for Confidentiality, BIL 2 for Integrity and BIL 4 for Availability (2, 2, 4). The accreditation includes an annual IT Security Health Check (ITHC) performed by a CESG-approved CHECK security team. A Risk Management and Accreditation Document Set (RMADS) is available for customer review, which includes a in-depth description of Axon Evidence and a risk assessment. Contact your Axon Sales Representative to request a copy of the Axon Evidence RMADS (non-disclosure agreement required).
UK Cloud Security Principles
As part of the National Cyber Security Centre’s Cloud Security Collection, the Cloud Security Principles provide a summary of the essential security principles to consider when evaluating cloud services. This guidance has been published to help public sector organizations evaluate the suitability of a cloud provider to securely handle their data. Axon has created a Cloud Security Principles Implementation document that details the 14 Cloud Security Principles and explains how the specific security policies and practices for Axon Evidence align with the principles. Also, detail is provided that depicts how Axon Evidence has implemented the principles and how the implementation is validated and tested. Download the Axon Cloud Security Principles Implementation document here.
Cyber Essentials Certified
Axon has gained Cyber Essentials certification which validates implementation of controls in alignment with the UK government-backed Cyber Essentials Scheme. The Cyber Essentials requirements assist organizations in mitigating risk from common internet based threats. Cyber Essentials concentrates on five key controls: (1) Boundary firewalls and internet gateways, (2) Secure configuration, (3) Access control, (4) Malware protection, and (5) Patch management. A copy of Axon's Cyber Essentials certification can be downloaded here.