Metallic SaaS Security & Compliance Overview

Built on industry-leading Commvault® technology with the power of Microsoft Azure

Metallic offers a multi-layered approach to data protection and security. With built-in hardened security protocols such as multifactor authentication, advanced data encryption, and zero-trust user access controls, Metallic prevents unwarranted access to systems and data. Data backup data copies are also stored in isolated and virtually air-gapped locations outside of source data, ensuring backups are immutable, highly available, and safe from malicious attack.

Metallic meets the most stringent confidentiality, integrity, and availability standards set by government agencies and enterprises alike, along with critical compliance certifications.

Industry Standards and Certifications

ISO Certified

Metallic is ISO 27001 and SOC2 Type II compliant.


Type II Certified


(Criminal Justice Information Systems) Security Policy Compliant


FIPS 140-2 Compliant


High Ready


PCI Compliant
*AOC available upon request

Metallic and GDPR Compliance

Metallic is committed to supporting our customer’s compliance with GDPR, and prioritizes the privacy and security of the data we protect with our entire product suite. When Metallic provides services to our customers as a data processor on their behalf, we will ensure that we comply with the specific requirements for data processors. When we appoint third parties to act as sub-processors, we’ll also ensure that we have appropriate terms in place to comply with the GDPR and safeguard customer’s data.

Metallic Security Whitepaper

The Metallic Security Whitepaper provides additional information on the Metallic architecture, features and functionality, and sophisticated approach to security and compliance.

Power of Azure Security

Built as a cloud-native solution leveraging the best of Azure PaaS and native services, Metallic harnesses the durability and security of the Microsoft Cloud. Azure is backed by more than 3,500 cyber security experts, with more than 90 compliance certifications. The combination of Metallic and Azure means trusted data protection at any scale. Find Azure security documentation here.