Esri customers require assurance that their GIS apps and content are managed in a secure manner. Esri Managed Cloud Services provide options for support in different environments with levels of security classified as Advanced and Advanced Plus.
Esri Managed Cloud Services—Advanced
The Esri Managed Cloud Services Advanced security offering follows American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) framework, which is widely recognized across many industries. SOC 2 and SOC 3 reports are generated and issued under SSAE 18 guidance and developed by the AICPA. These reports are applicable to all third-party service providers, rather than cloud focused. A SOC 2 report created by a third-party SOC assessor can be provided to customers with an active nondisclosure agreement. To request this report, send an email to firstname.lastname@example.org. A SOC 3 report is a general use report that does not require a nondisclosure agreement. The latest Esri Managed Cloud Services Advanced SOC 3 report can be found here. Note that these reports are specific to the Esri Managed Cloud Services offering and not ArcGIS Online.
Esri Managed Cloud Services—Advanced Plus
Esri Managed Cloud Services Advanced Plus is a FedRAMP Moderate compliant offering. FedRAMP is a security authorization framework developed by the federal government along with industry professionals to align requirements for cloud service providers with those of the NIST framework and containing mappings to ISO/IEC 27001. For more details regarding the Esri Managed Cloud Services Advanced Plus offering, refer to the Esri Managed Cloud Services Advanced Plus Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM). For general information about FedRAMP, visit the official FedRAMP site or view the Esri Managed Cloud Services Advanced Plus FedRAMP marketplace listing.
Details regarding the security benefits that are available in both of the offerings described above are provided in the following table:
- ArcGIS Monitor—Collect data and information on the status, usage, availability, and resource utilization in your enterprise GIS.
- FedRAMP-accredited Third Party Assessment Organizations
For detailed security information related to Esri Managed Cloud Services Advanced Plus, see Esri's answers to the latest revision of the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).