Trust Center

Amazing Products and Lasting Partnerships Are Built on Trust

Security, Compliance, and Privacy Are Key Components of the Abnormal Platform

We are committed to providing secure products that support compliance and build trust. Use this Trust Center to learn about our security and trust initiatives. For additional documentation and certification proof, visit the Security Hub.

Product Security and Compliance

At Abnormal, we prioritize and invest in information security because the cyber threat landscape and the security and compliance requirements for all companies, no matter where they operate, are more complicated and dynamic than ever. We also know that implementing strong information security controls makes good business sense — security builds trust, and trust builds great business.

Privacy

Like our customers, we value data protection and privacy. The privacy laws and frameworks around the world are advancing, adjusting, and expanding their collective reach, and that’s why we take care to partner with our customers to address data protection compliance.

Abnormal Security Product Privacy Guide

What services does Abnormal Security provide?

Trust and Compliance at Abnormal Security

Product Security and Compliance

Information Security Program

We maintain an internal Information Security Program (ISP) that addresses our products and our general business practices. The ISP ensures a secure environment for our personnel, customers, systems, and the data we are entrusted to handle. Our ISP is designed to implement appropriate technical and organizational security measures for our product environments and related company systems, covering key areas such as access controls; personnel training; physical security; network and cloud security; credential and key management; and software development life cycle policies and practices. Abnormal Security documents our ISP controls, policies, and standards, as well as third-party audit reports, in our Security Hub. Access is available under NDA by visiting https://security.abnormalsecurity.com

SOC 2 Compliance

Our ISP is audited on at least an annual cadence by a third-party auditor in connection with a SOC 2 audit. We maintain a SOC 2 certification as a result of this regular audit activity and can share the most recent SOC 2 report with our customers on request and under a non-disclosure agreement. The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.

ISO 27001 Certified

Coalfire ISO, Inc. certifies that Abnormal Security Corporation operates an Information Security Management System (ISMS) that conforms to the requirements of ISO/IEC 27001:2013.
Certificate Issuance Date: September 30, 2021
Expiration Date: September 30, 2024

Privacy

Compliance With Principles and Frameworks

We regularly engage with our customers to respond to and address their privacy-related questions, and we work with our customers to execute a Data Protection Addendum (DPA) to our Master Service Agreement, which governs the use of our product. The DPA reflects our data protection commitment in each customer relationship and ensures that we and our customers take steps to comply with applicable privacy rules and frameworks, such as the General Data Protection Regulation (GDPR) in the European Union (EU), European Economic Area (EEA), and the United Kingdom (UK), as well as the California Consumer Privacy Act (CCPA).

International Personal Data Transfers

We take collaborative steps with our customers to ensure that personal data transfers made by using our product are conducted in accordance with applicable laws. A key component of this joint effort is handled by our DPA, which includes Standard Contractual Clauses (commonly referred to as “Model Clauses”) to demonstrate and satisfy legal compliance of personal data transfers from the EU, EEA, and UK to third countries such as the United States.

Subprocessors

We engage the following subprocessors to help provide our products to our customers.
See Subprocessors