Axon’s compliance demonstrates our commitment to providing a trustworthy platform and offers customers a way to understand the controls that have been put in place to secure Axon Evidence and their data.
ISO/IEC 27001:2013 Certified
Information Security Management Standards
The ISO/IEC 27001:2013 certificate validates that Axon has implemented the internationally recognized information security controls defined in this standard, including guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization. A copy of the certification can be viewed here.
ISO/IEC 27017:2015 Certified
Code of Practice for Information Security Controls
The ISO/IEC 27017:2015 certificate validates that Axon has implemented additional controls that enhance and refine those found in the ISO 27002 standard. ISO 27002 provides best practices and guidance for implementing the controls found in ISO 27001. ISO 27017 controls address cloud-specific concerns and detail the responsibilities of cloud service customers and cloud service providers, two categories into which Axon alternately falls depending on the specific control. A copy of the certification can be viewed here.
ISO/IEC 27018:2019 Certified
Code of Practice for Protecting Personal Data in the Cloud
The ISO/IEC 27018:2019 certificate validates that Axon has implemented the internationally recognized control objectives, controls and guidelines related to the protection of Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for a cloud computing environment. A copy of the certification can be downloaded here.
Axon Cloud Services was designed and is operated to ensure that it is compliant with the FBI CJIS Security Policy. Customers can be assured that their digital data is protected by a robust information security program that is designed to exceed the CJIS security requirements as well as provide protection against current and emerging threats. The Axon CJIS Compliance White paper outlines the specific security policies and practices for Axon Evidence and how they are compliant with the CJIS Security Policy. Read more about Axon's CJIS Compliance program and commitments here.
CALEA Standard 17.5.4 Compliance
Axon Evidence is aligned with the Commission on Accreditation for Law Enforcement Agencies (CALEA) standard related to Electronic Data Storage in the context of utilizing a service provider (17.5.4). Customers must determine conformity with CALEA standards individually. Axon can provide customers with a document that outlines how Axon Evidence, specifically the Axon Master Service Purchasing Agreement, aligns with the standard. Contact your Axon Sales Representative for more information.
HIPAA and HITECH
Axon has implemented safeguards to adequately protect Protected Health Information (PHI) that may be captured by Axon products and stored in Axon Evidence. Axon can enter into Business Associate Agreements with customers who are covered entities or business associates under HIPAA and expect PHI to be processed or stored within Axon Evidence. Contact your Axon Sales Representative for more information.
SOC 2+ and SOC 3 Report
Axon Cloud Services and the Axon AI Training Center have achieved AICPA SOC 2 Type 2 reporting. Axon’s SOC 2 audit gauges the effectiveness of the services based on the AICPA Trust Service Principles and Criteria, as well as the Cloud Security Alliance Cloud Controls Matrix†, FBI Criminal Justice Information Services Security Policy, and the UK National Cyber Security Centre Cloud Security Principles†. The Axon SOC 2+ reports include a comprehensive description of the Axon Cloud Services and AI Training Center environments in addition to an assessment of the fairness of Axon's description of its controls. The SOC 2+ evaluates whether controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period. Axon is audited annually by independent third-party auditors against the SOC criteria and additional frameworks listed above. Contact your Axon Sales Representative to request a copy of the SOC 2+ report.
For organizations that need assurance over the security, availability, and confidentiality of Axon Cloud Services, but do not need a detailed system description or comprehensive list of system controls, Axon also makes available a SOC 3 report. This report is provided by the third-party auditing firm and is intended as a summary of the audit engagement. It consists of the independent service auditor’s report, an assertion of Axon management, a brief system description, and an overview of the applicable service commitments selected for the audit. A copy of Axon’s SOC 3 report can be found here.
† Criteria apply to Axon Cloud Services only
Cloud Security Alliance - CSA STAR Attestation (Level Two)
Axon has been awarded CSA STAR Attestation. STAR Attestation consists of a rigorous, independent third-party assessment of Axon Evidence against the CSA's Cloud Controls Matrix (CCM). Detailed results of the STAR Attestation testing are included in the Axon SOC 2+ report. A copy of Axon's CSA STAR Attestation can be downloaded here.
Cloud Security Alliance - CSA STAR Self-Assessment (Level One)
Axon's Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) response provides detailed information about how Axon fulfills the security, privacy, compliance, and risk management requirements defined in the CCM and Consensus Assessments Initiative Questionnaire (CAIQ) version 3.0.1. Customers can review Axon’s response to the CSA CCM here.
Accessibility Conformance Report - WCAG 2.0 & VPAT/Section 508
Axon has created the Axon Evidence Accessibility Conformance Report for the purpose of assessing Axon Evidence compliance with the Web Content Accessibility Guidelines (WCAG) 2.0. The report covers the degree of conformance for WCAG 2.0 and U.S. Section 508 Standards. The report is available here.
Federal Risk and Authorization Management Program (FedRAMP)
Axon has achieved a FedRAMP Joint Authorization Board (JAB) Provisional Authority To Operate (P-ATO) at the Moderate Impact Level. The authorization confirms that Axon Evidence has been reviewed and approved by the US Departments of Defense and Homeland Security, and the General Services Administration. Read more about Axon's FedRAMP Authorization here.
Australian Government Information Security Registered Assessor Program (IRAP)
An IRAP Assessment by an ACSC-accredited independent third party has been completed for Axon Cloud Services for the processing of government data in Australian regions up to and including the PROTECTED level. This assessment determined that Axon Cloud Services is based on sound security principles and that the applicable Australian Government Information Security Manual (ISM) controls are implemented and operating in a manner creating a minimal risk to customer agencies. Contact your Axon Sales Representative to request a copy of the Axon IRAP report.