Security on Messenger

SOC 2 is an assurance report based on AICPA’s Trust Services principles and criteria. The annual assessment and report adheres to the latest SSAE 18 standard and covers everything from how we secure and protect our platforms and data centers, to how we verify the identities and backgrounds of our employees. Messenger Platform’s SOC 2 Type 2 report includes a description of Facebook’s processes in place to ensure the security, confidentiality and availability of enterprise data on our platforms.

We monitor our systems to detect and prevent unauthorized access to enterprise data. Facebook designs, controls and maintains our data centers to balance physical and platform security, availability and performance. We store and protect customer data in data centers that we own or directly lease. We build our own servers, O/S networking and management systems, as well as AI-supported threat analysis and response.

Messenger uses Facebook owned and operated Content Distribution Network (CDN). This CDN includes several layers of cache, including Facebook Edge Point of Presence and Facebook Network Appliances (Facebook owned and protected network appliance deployed at ISPs). Use of this high-performing multi-tier cache enables Messenger to deliver static files, such as photos and videos, faster to our users. In addition, our edge CDN infrastructure has full encryption at rest.