Fidelis Security® Fidelis Halo® (“Fidelis Halo”) processing grids operate through Amazon Web Services (AWS), which ensures data center security, per their shared responsibility model. These security controls are described in the AWS documentation at https://aws.amazon.com/compliance/data-center/controls/.
Fidelis Security has been audited against the Service Organization Control (SOC) reporting framework for SOC 2, Type 2. The SOC 2 report is available to customers to meet a wide range of US and international auditing requirements.
The SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the criteria for the security principle set forth in the AICPA’s Trust Services Principles criteria. This report provides additional transparency into Fidelis Halo security and availability based on a defined industry standard and further demonstrates Fidelis Security’s commitment to protecting customer data.
Our PCI DSS 3.2 compliance certifies safe and secure handling of credit card holder information. As overseen by the Payment Card Industry Security Standards Council (PCI SSC), Fidelis Security places stringent controls around cardholder data as both a service provider and merchant.
The Fidelis Halo service does not store, process, or transmit any cardholder data. Under the PCI Data Security Standards, our services fall into the category of impacting the security of cardholder data and as such, we acknowledge our responsibility to comply with applicable requirements for PCI for our environment. As Fidelis Security does not perform hosting services, customers are fully responsible for meeting all PCI DSS requirements within their own environments.
All Fidelis Halo services officially support customers in their data centers and all globally connected regions for AWS, Azure, and GCP.