Security on Messenger

Globally Recognized Compliance and Security Certifications

Messenger product and infrastructure is protected by a combination of people, processes and technology security systems. Messenger Platform focuses on keeping our user's data privacy and security at the forefront.


SOC 2 is an assurance report based on AICPA’s Trust Services principles and criteria. The annual assessment and report adheres to the latest SSAE 18 standard and covers everything from how we secure and protect our platforms and data centers, to how we verify the identities and backgrounds of our employees. Messenger Platform’s SOC 2 Type 2 report includes a description of Facebook’s processes in place to ensure the security, confidentiality and availability of enterprise data on our platforms.



We monitor our systems to detect and prevent unauthorized access to enterprise data. Facebook designs, controls and maintains our data centers to balance physical and platform security, availability and performance. We store and protect customer data in data centers that we own or directly lease. We build our own servers, O/S networking and management systems, as well as AI-supported threat analysis and response.

Messenger uses Facebook owned and operated Content Distribution Network (CDN). This CDN includes several layers of cache, including Facebook Edge Point of Presence and Facebook Network Appliances (Facebook owned and protected network appliance deployed at ISPs). Use of this high-performing multi-tier cache enables Messenger to deliver static files, such as photos and videos, faster to our users. In addition, our edge CDN infrastructure has full encryption at rest.


We undergo regular SOC 2 auditing and security testing to provide independent attestation to our controls, policies and practices. The security of our services is regularly tested via source code reviews, penetration tests and more.

People and Processes

We perform proactive validation of security controls with a 24/7 global Security Operations Center (SOC), regular vulnerability and penetration testing, and more.

Application Security - Periodic Application Penetration Testing

Facebook uses the Defense in Depth approach which helps better protect and secure our platform. Additionally, various new features on the Messenger platform get tested and reviewed via source code review and penetration test by an independent security consulting firms. This review covers various new product features.