Trust Center

Amazing Products and Lasting Partnerships Are Built on Trust

Certification Badges

Security, Compliance, and Privacy Are Key Components of the Abnormal Platform

We are committed to providing secure products that support compliance and build trust. Use this Trust Center to learn about our security and trust initiatives. For additional documentation and certification proof, visit the Security Hub.

 

Product Security and Compliance

At Abnormal, we prioritize and invest in information security because the cyber threat landscape and the security and compliance requirements for all companies, no matter where they operate, are more complicated and dynamic than ever. We also know that implementing strong information security controls makes good business sense: security builds trust, and trust builds great business.

Privacy

Like our customers, we value data protection and privacy. The privacy laws and frameworks around the world are advancing, adjusting, and expanding their collective reach, and that’s why we take care to partner with our customers to address data protection compliance.

 
 

Abnormal Security Product Privacy Guide

What services does Abnormal Security provide?

 

Trust and Compliance at Abnormal Security

 

Product Security and Compliance

 

Information Security Program

We maintain an internal Information Security Program (ISP) that addresses our products and our general business practices. The ISP ensures a secure environment for our personnel, customers, systems, and the data we are entrusted to handle. Our ISP is designed to implement appropriate technical and organizational security measures for our product environments and related company systems, covering key areas such as access controls; personnel training; physical security; network and cloud security; credential and key management; and software development life cycle policies and practices.

Abnormal Security documents our ISP controls, policies, and standards, as well as third-party audit reports, in our Security Hub. Access is available under NDA by visiting https://security.abnormalsecurity.com.

SOC 2 Compliance

Our ISP is audited on at least an annual cadence by a third-party auditor in connection with a SOC 2 audit. We maintain a SOC 2 certification as a result of this regular audit activity and can share the most recent SOC 2 report with our customers on request and under a non-disclosure agreement. The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.

ISO 27001 Certified

Coalfire ISO, Inc. certifies that Abnormal Security Corporation operates an Information Security Management System (ISMS) that conforms to the requirements of ISO/IEC 27001:2013.

Certificate Issuance Date: September 30, 2021
Expiration Date: September 30, 2024

 

Privacy

 

Compliance With Principles and Frameworks

We regularly engage with our customers to respond to and address their privacy-related questions, and we work with our customers to execute a Data Protection Addendum (DPA) to our Master Service Agreement, which governs the use of our product. The DPA reflects our data protection commitment in each customer relationship and ensures that we and our customers take steps to comply with applicable privacy rules and frameworks such as the General Data Protection Regulation (GDPR) in the European Union (EU), European Economic Area (EEA), and the United Kingdom (UK), as well as the California Consumer Privacy Act (CCPA).

International Personal Data Transfers

We take collaborative steps with our customers to ensure that personal data transfers made by using our product are conducted in accordance with applicable laws. A key component of this joint effort is handled by our DPA, which includes Standard Contractual Clauses (commonly referred to as “Model Clauses”) to demonstrate and satisfy legal compliance of personal data transfers from the EU, EEA, and UK to third countries such as the United States.

Infrastructure Subprocessors

We engage the following infrastructure subprocessors to help provide our products to our customers.

Current as of August 26, 2022

| Subprocessor | Purpose of processing | Location of processing | Subprocessor website |
| --- | --- | --- | --- |
| Amazon Web Services | Data hosting services for the Abnormal Security SaaS platform | United States | https://aws.amazon.com/ |
| Atlassian | Abnormal utilizes JIRA for certain bug and ticket handling. Accordingly, some information that you submit into a support ticket may be processed. | United States | https://atlassian.com |
| Databricks, Inc. | Analytics infrastructure provider | United States | https://databricks.com |
| Salesforce, Inc. | Customer Relationship Management Software | United States | https://salesforce.com |
| Microsoft Azure | Data hosting services for Abnormal’s use of Databricks Platform as a Service (PaaS). | United States | https://azure.microsoft.com |
| Microsoft Azure | EU-based customer data hosting services for the Abnormal Security SaaS platform. | Ireland | https://azure.microsoft.com |