Nasuni Strengthens Commitment to Customer Data Security Through SOC 2, CSA STAR, and HIPAA

The Nasuni File Data Platform Continues to Ensure All File Data Remains Secure and Accessible for Global Enterprises

April 25, 2023

The Nasuni File Data Platform Continues to Ensure All File Data Remains Secure and Accessible for Global Enterprises

BOSTON, April 25, 2023Nasuni Corporation, a leading provider of file data services, today announced the successful completion of its SOC 2 Type 1, CSA STAR Level 2, and HIPAA audits for 2022, providing enterprise customers with strong third-party validation of its security and compliance systems as it enables their digital transformation and use of the cloud. The company also had its ISO/IEC 27001:2013 certified provider status renewed for the current year. Unstructured file data contains the most sensitive enterprise intellectual property, and legacy storage and data protection technologies fail to provide adequate protection for this data. Cloud file services leverage the durability of the public cloud to deliver unmatched protection.

Established by the American Institute of Certified Public Accountants (AICPA), the SOC 2 Type 1 examination is designed for organizations of any size, regardless of industry and scope, to ensure the personal assets of their potential and existing customers are protected. SOC 2 Type 1 reports are recognized globally and affirm that a company’s infrastructure, software, people, data, policies, procedures, and operations have been formally reviewed. Nasuni plans to undergo another audit later this year to achieve SOC 2 Type 2, which assesses how effective these controls are over time by observing operations for a specified period.

“A SOC 2 audit is a statement about an organization’s commitment to protecting their information,” said Stephanie Oyler-Rankin, SOC Practice Lead at A-LIGN. “As a trusted third-party assessment firm, A-LIGN independently evaluates client data processes and procedures, governance on internal controls, and security posture. Nasuni’s SOC 2 report validates its commitment to data security and protection, as well as compliance with critical standards to mitigate cybersecurity threats.”

The HIPAA (Health Insurance Portability and Accountability Act of 1996) audit illustrates that Nasuni meets the standards of the Privacy, Security, and Breach Notification Rules of HIPAA. HIPAA is a U.S. Federal law put in place to protect healthcare information as required for healthcare organizations. While Nasuni is not in the healthcare industry, this is important for customers who are, especially for those for whom Nasuni may be considered a HIPAA Business Associate.

CSA STAR (Cloud Security Alliance – Security, Trust, Assurance, and Risk) Level 2 demonstrates Nasuni’s commitment to achieve cloud security competency, and a commitment to the industry at large. It’s based on attaining ISO 27001 certification and meeting additional criteria specified in the Cloud Controls Matrix (CCM) Version 4. Nasuni proved that it conforms to the requirements of ISO 27001, has addressed issues critical to cloud security as outlined in the CCM, and has been assessed against the STAR Capability Maturity Model for the management of activities in CCM control areas.

The audits were conducted late last year by leading compliance assessor A-LIGN, a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to help mitigate cybersecurity risks.

“Ensuring that the most effective and comprehensive security measures are in place for both Nasuni and its customers is our top priority,” said John Bilotti, Chief Information Officer/Chief Information Security Officer at Nasuni. “These successful audits demonstrate Nasuni’s commitment to providing its customers with the highest security standards, at all stages, as they leverage the cloud to gain advanced access, collaborate, scale, and improve economics over legacy solutions.”

Compliance with internationally recognized standards like SOC 2 confirms that Nasuni’s security program follows industry best practices in the most comprehensive manner possible. This is a clear illustration that the company’s commitment to data security has been formed, implemented, and controlled in all areas as the standard requires.

For more information about Nasuni’s security practices, please visit Nasuni’s Trust Center at


About Nasuni
Nasuni Corporation is a leading file data services company that helps organizations create a secure, file data cloud for digital transformation, global growth and information insight. The Nasuni File Data Platform is a cloud-native suite of services that simplifies file data infrastructure, enhances file data protection and ensures fast file access globally at the lowest cost. By consolidating file data in easily expandable cloud object storage from Azure, AWS, Google Cloud, and others, Nasuni becomes the cloud-native replacement for traditional network attached storage (NAS) and file server infrastructure, as well as complex legacy file backup, disaster recovery, remote access, and file synchronization technologies. Organizations worldwide rely on Nasuni to easily access and share file data globally from the office, home or on the road. Sectors served by Nasuni include manufacturing, construction, creative services, technology, pharmaceuticals, consumer goods, oil and gas, financial services and public sector agencies. Nasuni’s corporate headquarters is based in Boston, Massachusetts, USA delivering services in over 70 countries around the globe. For more information, visit

About A-LIGN
A-LIGN uniquely delivers a single-provider approach as a licensed SOC 1 and SOC 2 Assessor, accredited ISO 27001, ISO 27701 and ISO 22301 Certification Body, HITRUST CSF Assessor firm, accredited FedRAMP 3PAO, candidate CMMC C3PAO, and Qualified Security Assessor Company. A-LIGN ASSURANCE is a licensed certified public accounting firm registered as Price and Associates CPAs, LLC. A-LIGN may refer to the entities of both A-LIGN and A-LIGN ASSURANCE collectively as A-LIGN. For more information, visit

Social media links

Media Contacts:

North America
JaeMi Pennington
Metis Communications
Phone: +1 617-236-0500 ext 26
Email: [email protected]

Maria Loupa
Waters Agency
Phone: +44 (0)7591 004 738
Email: [email protected]

Ready to dive deeper into a new approach to data infrastructure?