Compliance, Security Assurances, and Certifications
Axon’s compliance demonstrates our commitment to providing a trustworthy platform and offers customers a way to understand the controls that have been put in place to secure Evidence.com and their data.
ISO/IEC 27001:2013 Certified
Information Security Management Standards
The ISO/IEC 27001:2013 certificate validates that Axon has implemented the internationally recognized information security
controls defined in this standard, including guidelines and general principles for initiating, implementing, maintaining, and
improving information security management within an organization. A copy of the certification can be downloaded here.
ISO/IEC 27018:2014 Certified
Code of Practice for Protecting Personal Data in the Cloud
The ISO/IEC 27018:2014 certificate validates that Axon has implemented the internationally recognized control objectives, controls and guidelines related to the protection of Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for a cloud computing environment. A copy of the certification can be downloaded here.
Evidence.com was designed and is operated to ensure that it is compliant with the FBI CJIS Security Policy. Customers can be assured that their digital data is protected by a robust information security program that is designed to exceed the CJIS security requirements as well as provide protection against current and emerging threats. The Axon CJIS Compliance Whitepaper outlines the specific security policies and practices for Evidence.com and how they are compliant with the CJIS Security Policy. Read more about Axon's CJIS Compliance program and commitments here.
CALEA Standard 17.5.4 Compliance
Evidence.com is aligned with the Commission on Accreditation for Law Enforcement Agencies (CALEA) standard related to Electronic Data Storage in the context of utilizing a service provider (17.5.4). Determining conformity with CALEA standards is a requirement for customers to make individually. TASER can provide customers with a document that outlines how Evidence.com, specifically the Evidence.com Master Service Purchasing Agreement, aligns with the standard. Contact your Axon Sales Representative for more information.
SOC 2+ Report
Axon has achieved AICPA SOC 2 Type 2 reporting. A SOC 2 audit gauges the effectiveness of the Axon Evidence.com service based on the AICPA Trust Service Principles and Criteria. The Axon SOC 2+ report includes a comprehensive description of the Evidence.com service in addition to an assessment of the fairness of the Axon's description of its controls. The SOC 2+ evaluates whether the Axon's controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period. Axon is audited annually against the SOC reporting framework by independent third-party auditors. Contact your Axon Sales Representative to request a copy of the SOC 2+ report (non-disclosure agreement required).
Cloud Security Alliance - CSA STAR Attestation (Level Two)
Axon has been awarded CSA STAR Attestation. STAR Attestation consists of a rigorous third party independent assessment of Evidence.com against the CSA's Cloud Controls Matrix (CCM). Detailed results of the STAR Attestation testing are included in the Axon SOC 2+ report. A copy of Axon's CSA STAR Attestation can be downloaded here.
Cloud Security Alliance - CSA STAR Self-Assessment (Level One)
Axon's Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) response provides detailed information about how Axon fulfills the security, privacy, compliance, and risk management requirements defined in the CCM and Consensus Assessments Initiative Questionnaire (CAIQ) version 3.0.1. Customers can review Axon’s response to the CSA CCM here.
Federal Risk and Authorization Management Program (FedRAMP)
Axon is in process to achieve a FedRAMP Joint Authorization Board (JAB) Provisional Authority To Operate (P-ATO) at the Moderate Impact Level. Currently Axon is in 'FedRAMP In-Process' status, has been prioritized by the JAB for authorization, and is engaged with the FedRAMP PMO & JAB executing the authorization process. Read more about Axon's FedRAMP Authorization here.