Our Commitment to Security
The world’s leading security teams rely on Rootly to automate their incident management process. They trust Rootly to operate securely and to protect their data at all times. We take this trust seriously. Here you’ll find an overview of some of the measures we’ve implemented to ensure security and privacy are key tenets of our culture and are ingrained in how we operate day-to-day.
Rootly is SOC 2 Type 1 compliant. We are in the process of completing SOC 2 Type 2 compliance.
Contact us for more details on completion. Our full reports are available upon request.
Rootly has a Data Processing Agreement (DPA) for customers to sign upon request.
- Hosted on Amazon Web Services (“AWS”) in the United States across multiple availability zones to support fault tolerance, high availability, and disaster recovery.
- AWS security groups are used to restrict communication between servers, and VPC is used to isolate the production environment from other environments.
- Only our load balancers are publicly accessible; everything else is in a private subnet.
- Your data is encrypted at rest using AES 256-bit encryption and protected by TLS in transit.
- Key management is in place for encryption keys for production services.
- Your Rootly password is hashed using bcrypt.
- Any attempt to access Rootly over the insecure HTTP protocol is automatically redirected to the secure HTTPS protocol.
- Our Enterprise plan offers audit logs, teams and granular permissions, and SAML Single Sign-On (SSO) with SCIM provisioning.
- Rootly enforces complex passwords.
- Rootly conducts regular third-party vulnerability audits and security penetration tests.
- All Rootly employees undergo background checks and are trained on security best practices during onboarding.
- Rootly performs daily backups and replication for its core databases across multiple zones in the event of a site disaster.
- Rootly tests backup and restore capabilities to ensure successful disaster recovery.
- Rootly has established policies and procedures for responding to potential security incidents.
- All company-owned workstations have MDM technology installed. This ensures they're running up-to-date operating system versions, are malware-free, and allow Rootly IT admins to remotely wipe devices.
- Rootly workstations have encrypted hard drives, require strong passwords, and lock when idle.