Aha! has invested in robust data center infrastructure to ensure strong security and protection. The following certifications mean that an auditor has verified that specific security controls are in place and operating as intended. These certifications provide customers with the proper assurance that we are committed to providing high performance and secure cloud-based services.
Aha! is ISO 27001 certified and our Statement of Applicability is available here. ISO 27001 is an information security standard published by the International Organization for Standardization, the world’s largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC). This certification was issued by an independent and accredited certification body based on successful completion of a formal audit process.
Data center compliance
The Aha! cloud infrastructure is housed in Amazon Web Services (AWS) data centers, which are considered to be the world's best by industry-leading analyst firm Forrester. AWS provides a broad set of capabilities in terms of data center security, network security, and a significant number of certifications. This level of data center and operational security allows Aha! to be compliant with many of the most stringent industry standards.
Aha! data center partner AWS publishes a Service Organization Controls 1 (SOC 1), Type II report. The SOC 1 Type II report covers controls in place at a Service Organization intended to meet the needs of the user entity. The Type II report additionally includes an auditor's overview of the operating effectiveness of the controls in place to achieve the control objectives.
In addition to the SOC 1 report, AWS publishes a Service Organization Controls 2 (SOC 2), Type II report. Similar to the SOC 1 in the evaluation of controls, the SOC 2 report is an attestation report that expands the evaluation of controls to the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. These principles define leading practice controls relevant to security, availability, processing integrity, confidentiality, and privacy applicable to service organizations.
ISO 9001:2008 is the international standard for Quality Management Systems (QMS), published by the International Organization for Standardization (ISO). AWS has undergone a systematic, independent examination of their quality system to determine whether the activities and activity outputs comply with ISO 9001 requirements.
ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls. AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, and 27018:2019.