Triton is architected to be a highly secure public cloud suitable for hosting a wide range of production applications and sensitive data. In addition to maintaining key industry certifications, compliances, reports, and attestations, we provide customized service offerings to help customers mitigate their risks in the cloud. Working with Triton, our customers can build on top of our services and be able to achieve and maintain their compliance needs.
PCI DSS Level 1 compliance
Safe Harbor certification
SOC 1/SSAE 16 report
Health Insurance Portability and Accountability Act (HIPAA)
Triton infrastructure is housed within top tier data centers, including Equinix and SwitchNap. These data centers are secured with a variety of physical controls to prevent unauthorized access.
Triton services are architected to be secure and prevent unauthorized access or usage.
We recommend that users encrypt their personal or business data within Triton, both in production and in backup / storage environments. While data encryption is NOT a default offering in Triton, we can recommend a variety of appropriate encryption options that users can implement on top of Triton infrastructure.
In accordance with the Statement on Standards for Attestation Engagements No. 16 (SSAE 16), Joyent has completed a SOC 1 Type 1 report. This audit attests that Joyent's control objectives are effectively designed and that the individual controls defined to safeguard customer data are operating effectively. Our commitment to the SOC 1 report is ongoing, and we plan to continue our process of periodic audits.
An Independent Qualified Security Assessor (QSA) under the Payment Card Industry (PCI) Data Security Standard (DSS) has successfully validated Joyent as a Level 1 service provider. PCI validated services include the Triton virtual infrastructure, the Triton management environment, and the underlying physical infrastructure.
Joyent does not provide credit card services to its customers. All additional required PCI DSS controls for a customer environment implemented within Triton remain the responsibility of Joyent's customers. Those controls must be assessed and validated on an individual merchant or service provider basis, as part of the customer’s validation of PCI DSS compliance for the customer’s own report on compliance (ROC).
Joyent’s high-performance cloud is compliant with the U.S. Health Insurance Portability and Accountability Act (HIPAA). We provide covered entities subject to HIPAA with a secure environment to manage, update and store protected health information. Joyent signs Business Associate Agreements with customers to validate the integrity of our process systems that facilitate HIPAA compliance. Contact our customer success team to learn more about how you can leverage Triton to ensure ongoing HIPAA compliance.
Joyent recommends that users rotate or change access keys and certificates on a regular basis to prevent unauthorized access and provide additional security.
Our goal is to work with you to deliver a secure cloud computing platform. Below are a some key highlights regarding security practices on Triton:
Questions regarding compliance may be directed to: firstname.lastname@example.org.