We classify all customer data as strictly confidential, regardless of whether it has been obtained publicly or privately. This is our highest level of classification, and requires us to enforce specific security controls to ensure that appropriate protections are in place for use, storage and transmission. We limit access to customer data to those personnel who have a business need for access in support of our service.
We maintain industry-accepted certifications and comply with current industry standards and regulations so you can feel confident that your company and customer data remain secure.
We understand the care organizations must take when choosing a third-party security vendor. Certifications such as SOC 2 Type 2 and ISO 27001 provide an independent attestation that a vendor has controls in place which are operating effectively. Having these certifications enables us to demonstrate this commitment to our customers.
The SOC 2 report provides assurance to our customers and our own team that the organization has designed and implemented effective security controls as defined in the SOC 2 standards set forth by the American Institute of Certified Public Accountants (AICPA).
A copy of our SOC 2 report is available upon request. Please contact your sales representative or account team.
Randori is committed to data privacy and security, including complying with and, where applicable, helping our customers and users comply with the EU General Data Protection Regulation (GDPR).
GDPR is the comprehensive EU-wide data privacy law that went into effect on May 25, 2018. Besides strengthening and standardizing user data privacy across the EU, it introduced new or additional obligations on all organizations that handle EU residents’ personal data, regardless of where the organizations are located.
Randori is committed to maintaining the privacy of customer data. Our policies, controls and processes ensure that our practices are aligned with the expectations of our customers and global privacy laws.
Randori has established a Privacy Policy that describes the purpose(s) for which personally identifiable information (PII) is collected, used, retained, maintained, and shared. Our Privacy Policy is available at: https://www.randori.com/privacy-policy/
Randori complies with applicable law with respect to international transfers of personal data. Where a customer determines that its use of Randori’s services requires the transfer of personal data to a location outside the European Economic Area, Randori will execute a Data Processing Addendum (DPA) with the customer which includes Standard Contractual Clauses (also commonly referred to as EU Model Clauses). A copy of the Randori DPA is available to prospective and existing customers.
For any privacy-related questions, including Data Subject Requests, please email: privacy@randori.com
Randori follows coordinated vulnerability disclosure practices and requests that anyone reporting a vulnerability to us does the same.