Solace Cloud Compliance with Industry Standards
Solace is compliant with industry standards for security. For Solace-controlled infrastructure that is used to run event broker services for customers and the
- General Data Protection Regulation (GDPR)
- Statement on Standards for Attestation Engagements SOC 2, Type 1 and SOC 2, Type 2*
- ISO-27001*
An asterisk (*) indicates that Solace is in the process of achieving compliance.
In addition to complying with several industry standards, Solace has a number of security processes and practices in place for Solace Cloud. For an overview of our processes, see Hardened Developer and Operational Processes.
General Data Protection Regulation Compliance
The General Data Protection Regulation (GDPR) is a regulation that harmonizes national data privacy laws throughout the EU and enhances the protection of all EU residents with respect to their personal data.
The operations, business practices, and processes used for Solace Cloud at Solace are compliant with General Data Protection Regulation (GDPR) laws. Here are examples of how Solace complies with GDPR:
- Application data: All application data is deleted when a specific event broker service is decommissioned (or upon contract termination).
- Persistent Data: The data destruction of encrypted, persisted event/messaging data is provided by the relevant cloud service provider that was used for deployment.
- Messaging Plane: Messaging data is resident within an isolated VPC/VNet. For Customer-Controlled Clusters, the customer handles the data; for messaging data that goes through Dedicated Clusters, Solace handles the data.
- Event broker service logs: Any logs collected from event broker services are retained for 30 days (optionally 90 days upon request for Solace Insights subscribers); the logs contain monitoring data, high-level commands, and metadata and do not contain personally identifiable information (PII) or information that identifies the customer.
- For PII / Account information for Solace Home Cloud:
  - For Microsoft Entra ID and OpenID integration – no PII is held by Solace Home Cloud to access the service
  - User personally identifiable information: the user’s email address, first name, and last name
  - Organization Information: Solace holds the customer name as the account owner and a billing address
- Solace personnel have no access to the encrypted customer messaging data that traverses the Solace Home Cloud.
Statement on Standards for Attestation Engagements SOC 2, Type 2
The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC) is a suite of service offerings that CPAs (Certified Public Accountants) may provide in connection with system-level controls of a service organization or entity-level controls of other organizations. Solace is currently SOC 2, Type 2 compliant.
ISO-27001
Solace is compliant with ISO-27001. Solace Corporation ensures the security of your organization's assets, intellectual property, employee details, and information entrusted by third parties.