Security Compliance

Trust, but verify

Our Mission

The mission of Verizon Digital Media Services’ Compliance is to help customers understand the security controls in place to protect customer content and user data. Verizon Compliance provides assurance related to the underlying infrastructure, but your organization owns the compliance initiatives related to anything placed on the Content Delivery Network (CDN) infrastructure. Information provided by Verizon Compliance will help you determine our compliance posture and assess your organization’s compliance needs within your industry and/or government requirements.

PCI DSS

PCI DSS Version 3.0 Level 1

Verizon TRANSACT is Level 1 compliant under the Payment Card Industry (PCI) Data Security Standard (DSS). Customers can improve the performance of their web applications that store, process and transmit credit card information by running them on our PCI-compliant technology infrastructure.

SOC 2

AICPA: AT 801 (SSAE 16) SOC 2 Type 1 Report

In order to evaluate the effectiveness of security controls in place, Verizon Digital Media Services publishes a Service Organization Controls 2 (SOC 2), Type II report. The SOC 2 report is an evaluation of controls based on the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. The Verizon SOC 2 defines leading practice controls relevant to security, availability, processing integrity, confidentiality, and privacy applicable to service organizations such as Verizon Digital Media Services. This report provides additional transparency into Verizon Digital Media Services’ security and availability based on a defined industry standard and further demonstrates our commitment to protecting customer data. The Verizon SOC 2 report covers the Content Delivery Network and Verizon’s network acceleration services, which include Caching, Content Delivery, Streaming, the TRANSACT commerce platform and ROUTE (Domain Name Service [DNS]), as well as the development practices, security and monitoring of the network acceleration services with delivery regions in North America, South America, Europe and APAC. Please reach out to your sales representative for more information on the Service Organization Controls 2 (SOC 2), Type II report.

Please reach out to your sales representative for more information on the Service Organization Controls 2 (SOC 2), Type II report.

ISO/IEC

ISO/IEC 27001:2013

Verizon is ISO 27001 certified under the International Organization for Standardization (ISO) 27001 standard. ISO 27001 is a widely adopted global security standard that outlines the requirements for information security management systems. It provides a systematic approach to managing company and customer information that’s based on periodic risk assessments. To achieve the certification, a company must show it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity and availability of company and customer information.

Verizon has established a formal program to maintain the certification. This certification reinforces our commitment to providing transparency into our security controls and practices. The Verizon Digital Media Services ISO 27001 certification applies to TRANSACT and Verizon’s network acceleration services, which include Caching Content Delivery, Streaming, the TRANSACT commerce platform, and ROUTE (Domain Name Service [DNS]), as well as the development practices, security and monitoring of the network acceleration services with delivery regions in North America, South America, Europe and APAC.

MPAA

Motion Picture Association of America (MPAA) Best Practices

The Motion Picture Association of America (MPAA) has established a set of best practices for securely storing, processing and delivering protected media and content. Media companies use these best practices as a way to assess risk and security of their content and infrastructure. Verizon Digital Media Services has demonstrated alignment with the MPAA Best Practices, and VDMS infrastructure is compliant with all applicable MPAA infrastructure controls.

Customers can find mapping of Verizon Digital Media Services’ alignment with MPAA Best Practices in Verizon Digital Management Services (Verizon) Alignment with Motion Picture of America Association (MPAA) Content Security Model.

CSA

Cloud Security Alliance (CSA) STAR Certification: LEVEL TWO

In 2011, the Cloud Security Alliance (CSA) launched STAR, an initiative to encourage transparency of security practices within cloud providers. The CSA STAR Certification is a rigorous third party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001:2005 management system standard together with the CSA Cloud Controls Matrix. cloudsecurityalliance.org/star/certification/

×