Trust Center

Amazing products and lasting partnerships are built on trust.

Trust Center

Amazing products and lasting partnerships are built on trust.

Security, compliance, and privacy are key components of the Abnormal Security Platform.

We are committed to providing secure products that support compliance and build trust. Use this Trust Center to learn about our security and trust initiatives. 

Understand our security program and process

Check out our compliance and certification status

Learn what steps we take to address privacy in our products and for our customers.

Product Security and Compliance

See how we handle security and check out our compliance and certification status.


Explore how we address privacy in our products and support our customers’ data protection requirements.

Searching for more information?

Contact us and learn more about Abnormal’s
security and trust initiatives

Trust and Compliance at Abnormal Security

Product Security and Compliance

At Abnormal Security, we prioritize and invest in information security because the cyber threat landscape, and the security and compliance requirements for all companies, no matter where they operate, is more complicated and dynamic than ever. We also know that implementing strong information security controls makes good business sense — security builds trust, and trust builds great business. 


Information Security Program

We maintain an internal Information Security Program (ISP) that addresses our products and our general business practices. The ISP ensures a secure environment for our personnel, customers, systems, and the data we are entrusted to handle. Our ISP is designed to implement appropriate technical and organizational security measures covering our product environments and related company systems, covering key areas such as access controls; personnel training; physical security; network and cloud security; credential and key Management; and software development life cycle polices and practices.


SOC 2 Compliance

Our ISP is audited on at least an annual cadence by a third-party auditor in connection with a SOC 2 audit. We maintain a SOC 2 certification as a result of this regular audit activity and can share the most recent SOC 2 report with our customers on request and under a non-disclosure agreement.




Like our customers, we value data protection and privacy. The privacy laws and frameworks around the world are advancing, adjusting, and expanding their collective reach, and that’s why we take care to partner with our customers to address data protection compliance.


Compliance with principles and frameworks

We regularly engage with our customers to respond to and address their privacy-related questions and we work with our customers to execute a Data Protection Addendum (DPA) to our Master Service Agreement which governs the use of our product. The DPA reflects our data protection commitment in each customer relationship and ensures that we and and our customers take steps to comply with applicable privacy rules and frameworks such as the General Data Protection Regulation (GDPR) in the European Union (EU), European Economic Area (EEA), and the United Kingdom (UK) as well as the California Consumer Privacy Act (CCPA).


International personal data transfers

We take collaborative steps with our customers to ensure that personal data transfers made by using our product are conducted in accordance with applicable laws. A key component of this joint effort is handled by our DPA, which includes Standard Contractual Clauses (commonly referred to as “Model Clauses”) to demonstrate and satisfy legal compliance of personal data transfers from the EU, EEA, and UK to third countries such as the United States.


Infrastructure Subprocessors

We engage the following infrastructure subprocessors to help provide our products to our customers.


Current as of April 8, 2021

SubprocessorPurpose of processingLocation of processingSubprocessor website
Amazon Web ServicesData hosting services for the Abnormal Security SaaS platformUnited States