Security
From day one, security has been at the heart of EMQX Cloud. With our comprehensive security features seamlessly integrated, you can focus on managing your data flows while we handle its safeguarding.
Tenant Isolation
EMQX Cloud employs robust tenant isolation mechanisms, ensuring individual user data remains segregated and secure, preventing any cross-tenant vulnerabilities.
Authentication & Authorization
EMQX Cloud provides comprehensive Authentication and Authorization, enabling you to manage how clients access the MQTT broker.
Role-based Access Control
EMQX Cloud allows multiple users per account, enabling precise access control through sub-users and providing audit logs.
Data Confidentiality
EMQX Cloud safeguards your data with end-to-end encryption and provides enhanced options like private network connectivity.
Compliance
EMQX Cloud serves customers across diverse and highly regulated sectors such as energy, manufacturing, automotive, financial services, healthcare, and high-tech. Our built-in compliance aligns with numerous federal, international, and industry-specific mandates. Our specialized compliance team ensures transparency, diligently providing security documents to establish a trusted relationship between our company, products, and our clients.
TISAX
TISAX (Trusted Information Security Assessment Exchange) is a standardized framework for conducting information security assessments and facilitating information exchange, designed to ensure the security of data within supply chains. Spearheaded by the German Association of the Automotive Industry (VDA), TISAX has achieved broad acceptance across the global automotive sector. TISAX certification allows companies to demonstrate adherence to industry data security and information exchange standards, enhancing trust among partners and customers. While it is a benchmark in the automotive industry, TISAX is also extensively adopted in other sectors for information security assessments. EMQ is proud to have achieved the VDA-TISAX Information Security High Level (AL2) certification.
SOC 1
The SOC 1 report, issued in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA), or in accordance with the International Standard on Assurance Engagements 3402, provides management of the service organization, user entities, and the independent auditors of the user entities with information and a service auditor's report related to the service organization's processes and controls affecting the entity's internal control over financial reporting. The SOC 1 report includes an opinion on the fairness of the system's description, the suitability of the design of the controls to achieve specified control objectives, and, in a type 2 report, the operating effectiveness of those controls.
SOC 2 Type 1
SOC 2 is a regularly refreshed report that focuses on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy. We currently offer SOC 2 Type 1 reports for EMQX Cloud and EMQX Enterprise.
SOC 2 Type 2
The SOC 2 Report (System and Organization Controls 2 Report) is a third-party independent report developed by the American Institute of Certified Public Accountants (AICPA) for auditing a service provider's services and internal controls based on the Trusted Service Criteria. It is a detailed report with a high degree of objectivity, continuity, and acceptance as globally recognized security audit standard. The SOC 2 report has become an important reference for domestic and international enterprises when choosing a third-party cloud service provider. Achieving compliance ensures that EMQ has robust controls in place to protect its systems and data. With its SOC 2 compliance, EMQ provides customers with the confidence that their data is continually protected by EMQ’s platform.
ISO/IEC 27001:2013
The ISO/IEC 27001:2013 is an international standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive information, ensuring its confidentiality, integrity, and availability. EMQ adopts this standard to demonstrate our commitment to information security and to meet various regulatory and client requirements.
ISO/IEC 27701:2019
ISO/IEC 27701:2019 is an extension to the ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Security Controls. As a globally recognized management system standard, ISO/IEC 27701:2019 offers guidance on privacy protection, detailing how organizations should handle personal information. It plays a pivotal role in showcasing compliance with privacy regulations globally. EMQ's adherence to this certification underscores our dedication to privacy and data protection.
ISO/IEC 20000-1:2018
The ISO/IEC 20000-1:2018 is an international standard for service management systems (SMS). It specifies requirements for establishing, implementing, maintaining, and continually improving an SMS to ensure that organizations consistently deliver quality IT services. Adopting this standard demonstrates EMQ’s commitment to efficient service delivery and continuous improvement in IT service management processes.
ISO 9001:2015
ISO 9001:2015 is the international standard for quality management systems (QMS). It sets out criteria for ensuring consistency in products and services, emphasizing continuous improvement and customer satisfaction. EMQ adopts this standard to demonstrate our commitment to delivering high-quality products and services and meeting customer and regulatory requirements.
GDPR Readiness
The General Data Protection Regulation (GDPR) regulates the use and protection of personal data originating from the European Economic Area (EEA), granting individuals control over their data with a focus on transparency and security. Organizations need clear consent for data actions. EMQ is committed to supporting our customers in their GDPR compliance efforts.
HIPAA
HIPAA, the Health Insurance Portability and Accountability Act, is a U.S. law enacted in 1996. It sets standards for protecting sensitive patient health information. It mandates healthcare providers and other covered entities to ensure the confidentiality, integrity, and security of health data. EMQ can support HIPAA-related customer data after a Business Associate Agreement (BAA) has been properly executed with EMQ.
Ready to get started?
Build your IoT solutions using EMQX Cloud, a reliable and trusted MQTT platform with robust security measures, regulatory compliance, and technical excellence.
Try EMQX Cloud →Engage with Us
We value your insights. Share feedback on our security and compliance measures, and we promise to listen, learn, and elevate.
Have queries about our security and compliance?
Contact Us →Found a potential security vulnerability in EMQX?
Report It →