Amazing Products and Lasting Partnerships Are Built on Trust
Security, Compliance, and Privacy Are Key Components of the Abnormal Platform
We are committed to providing secure products that support compliance and build trust. Use this Trust Center to learn about our security and trust initiatives. For additional documentation and certification proof, visit the Security Hub.
Product Security and Compliance
At Abnormal, we prioritize and invest in information security because the cyber threat landscape, and the security and compliance requirements for all companies, no matter where they operate, is more complicated and dynamic than ever. We also know that implementing strong information security controls makes good business sense — security builds trust, and trust builds great business.
Like our customers, we value data protection and privacy. The privacy laws and frameworks around the world are advancing, adjusting, and expanding their collective reach, and that’s why we take care to partner with our customers to address data protection compliance.
Trust and Compliance at Abnormal Security
Product Security and Compliance
Information Security Program
We maintain an internal Information Security Program (ISP) that addresses our products and our general business practices. The ISP ensures a secure environment for our personnel, customers, systems, and the data we are entrusted to handle. Our ISP is designed to implement appropriate technical and organizational security measures covering our product environments and related company systems, covering key areas such as access controls; personnel training; physical security; network and cloud security; credential and key Management; and software development life cycle policies and practices.
Abnormal Security documents our ISP controls, policies and standards, as well as, third-party audit reports in our Security Hub. Access is available under NDA by visiting https://security.abnormalsecurity.com
SOC 2 Compliance
Our ISP is audited on at least an annual cadence by a third-party auditor in connection with a SOC 2 audit. We maintain a SOC 2 certification as a result of this regular audit activity and can share the most recent SOC 2 report with our customers on request and under a non-disclosure agreement. The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.
ISO 27001 Certified
Coalfire ISO, Inc. certifies that Abnormal Security Corporation operates an Information Security Management System (ISMS) that conforms to the requirements of ISO/IEC 27001:2013.
Certificate Issuance Date: September 30, 2021
Expiration Date: September 30, 2024
Compliance With Principles and Frameworks
We regularly engage with our customers to respond to and address their privacy-related questions and we work with our customers to execute a Data Protection Addendum (DPA) to our Master Service Agreement which governs the use of our product. The DPA reflects our data protection commitment in each customer relationship and ensures that we and our customers take steps to comply with applicable privacy rules and frameworks such as the General Data Protection Regulation (GDPR) in the European Union (EU), European Economic Area (EEA), and the United Kingdom (UK) as well as the California Consumer Privacy Act (CCPA).
International Personal Data Transfers
We take collaborative steps with our customers to ensure that personal data transfers made by using our product are conducted in accordance with applicable laws. A key component of this joint effort is handled by our DPA, which includes Standard Contractual Clauses (commonly referred to as “Model Clauses”) to demonstrate and satisfy legal compliance of personal data transfers from the EU, EEA, and UK to third countries such as the United States.
We engage the following infrastructure subprocessors to help provide our products to our customers.
Current as of August 26, 2022
|Subprocessor||Purpose of processing||Location of processing||Subprocessor website|
|Amazon Web Services||Data hosting services for the Abnormal Security SaaS platform||United States||https://aws.amazon.com/|
Abnormal utilizes JIRA for certain bug and ticket handling. Accordingly, some information that you submit into a support ticket may be processed.
Analytics infrastructure provider
Customer Relationship Management Software
Data hosting services for Abnormal’s use of Databricks Platform as a Service (PaaS).
|Microsoft Azure||EU-based customer data hosting services for the Abnormal Security SaaS platform.||Ireland||https://azure.microsoft.com|