Compliance

Certifications, standards alignment, and audit reports.

Certifications

SOC 2

SOC 2 Type 2

Certified. Demonstrates CloudFix has designed controls meeting the trust services criteria for security, availability, and confidentiality.

✓ Certified
SOC 2

SOC 2 Type 2

Certified. Demonstrates CloudFix's controls have been operating effectively over a sustained period, verified by independent auditors.

✓ Certified
AWS Partner

AWS ISV Accelerate Partner

Recognized AWS partner with co-sell support and AWS Marketplace integration for streamlined procurement.

Verified Partner
AWS Competency

AWS Cloud Operations Competency

AWS Cloud Operations Competency for Cost Management — validated by AWS for delivering proven cost optimization solutions.

Competency Achieved

Standards Alignment

CloudFix aligns with the CIS AWS Foundations Benchmark where applicable to our infrastructure. This includes:

  • IAM password policies and MFA enforcement
  • Logging configuration (CloudTrail enabled)
  • Encryption at rest and in transit
  • Security group restrictions
  • VPC flow logs

CloudFix follows the AWS Well-Architected Security Pillar principles:

  • Implement a strong identity foundation: IAM roles with least privilege, no long-lived credentials
  • Enable traceability: All fix operations are logged and auditable via CloudTrail
  • Apply security at all layers: VPC isolation, security groups, encryption everywhere
  • Automate security best practices: CloudFormation-based onboarding, SSM-based change management
  • Protect data in transit and at rest: TLS 1.2+ and AES-256

CloudFix is available on AWS Marketplace and has passed AWS's security review process for listed products. This includes:

  • Product security assessment by AWS
  • Secure integration patterns validated
  • Compliance with AWS Marketplace terms
  • Standardized billing through AWS

Downloadable Documents

Access our compliance and security documentation. SOC 2 reports require a signed NDA.

SOC 2 Type 2 Report

Requires NDA. Independent auditor report on CloudFix's control design.

SOC 2 Type 2 Report

Requires NDA. Independent auditor report on CloudFix's operating effectiveness.

AWS Partner Verification

Verify CloudFix's AWS partner status and competencies.

View on AWS Marketplace →

Penetration Test Summary

Requires NDA. Summary of most recent third-party penetration test results.

Terms of Service

CloudFix and RightSpend terms of service, subscription terms, and usage policies.

View Terms of Service

Privacy Policy

How CloudFix collects, uses, and protects your information.

View Privacy Policy

Data Processing Addendum

DPA governing the processing of personal data on your behalf.

View DPA

Need documentation for your review?

Request SOC 2 reports, DPA, or other security documents through our secure request form.