Our Commitment to Security

Rootly is SOC 2 Type 1 compliant. We are in the process of completing SOC 2 Type 2 compliance.

Contact us for more details on completion. Our full reports are available upon request.

Architecture

  • Hosted on Amazon Web Services (“AWS”) in the United States across multiple availability zones to support fault tolerance, high availability, and disaster recovery.
  • AWS security groups are used to restrict communication between servers, and VPC is used to isolate the production environment from other environments.
  • Only our load balancers are publicly accessible; everything else is in a private subnet.

Encryption

  • Your data is encrypted at rest using AES 256-bit encryption and protected by TLS in transit.
  • Key management is in place for encryption keys for production services.
  • Your Rootly password is hashed using bcrypt.
  • Any attempt to access Rootly over insecure HTTP is automatically redirected to secure HTTPS.

Product Security

  • Our Enterprise plan offers audit logs, teams and granular permissions, and SAML Single Sign-On (SSO) with SCIM provisioning.
  • Rootly enforces complex passwords.

Governance

  • Rootly conducts regular third-party vulnerability audits and security penetration tests.
  • All Rootly employees undergo background checks and are trained on security best practices during onboarding.
  • Rootly performs daily backups and replication for its core databases across multiple zones in the event of a site disaster.
  • Rootly tests backup and restore capabilities to ensure successful disaster recovery.
  • Rootly has established policies and procedures for responding to potential security incidents.

Endpoint Security

  • All company-owned workstations have MDM technology installed. This ensures they run up-to-date operating system versions and are malware-free, and it allows Rootly IT admins to remotely wipe devices.
  • Rootly workstations have encrypted hard drives, require strong passwords, and lock when idle.

If you believe you’ve found a security vulnerability in Rootly, please get in touch at security@rootly.io.