Merge pull request #3904 from newrelic/toobagrrl-patch-1
paperclypse committed Sep 15, 2021
2 parents 3de74a7 + 5fabc1d commit d857998
Showing 1 changed file with 265 additions and 3 deletions.
Expand Up @@ -7,7 +7,7 @@ tags:
metaDescription: Supplemental guide to security policy
---

**Last updated September 14, 2021.**
**Last updated September 15, 2021.**

This is supplement to our [security policy](/docs/licenses/license-information/referenced-policies/security-policy) and serves as a guide to New Relic’s description of its Services, functionalities, and features.
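
Review bot: the context line directly under the bumped date reads "This is supplement to our [security policy]", which is missing an article; since this commit already edits the header block, change it to "This is a supplement to our". The "Last updated" line is maintained by hand, so it has to be bumped again whenever the policy text below changes.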

Expand All @@ -27,18 +27,280 @@ New Relic’s policies and procedures cover industry-recognized security domains

New Relic audits its Services against industry standards as described at [https://docs.newrelic.com/docs/security/security-privacy/compliance/regulatory-audits-new-relic-services/](https://docs.newrelic.com/docs/security/security-privacy/compliance/regulatory-audits-new-relic-services/).

## Data Control and Encryption
## Data Control, Facilities, and Encryption

* New Relic's customers can send data to New Relic's APIs by (1) using New Relic's software, (2) using vendor-neutral software that is managed and maintained by a third-party such as via [OpenTelemetry instrumentation](https://docs.newrelic.com/docs/integrations/open-source-telemetry-integrations/opentelemetry/introduction-opentelemetry-new-relic/#benefits) provided by [opentelemetry.io](opentelemetry.io), or (3) from third-party systems that customer's manage and/or control.
* New Relic's customers can use New Relic's Services such as NerdGraph to filter out and drop data. See [https://docs.newrelic.com/docs/telemetry-data-platform/manage-data/drop-data-using-nerdgraph/](https://docs.newrelic.com/docs/telemetry-data-platform/manage-data/drop-data-using-nerdgraph/).
* New Relic's customers can adjust their data retention periods as appropriate for their needs. See [https://docs.newrelic.com/docs/telemetry-data-platform/manage-data/manage-data-retention/#adjust-retention](https://docs.newrelic.com/docs/telemetry-data-platform/manage-data/manage-data-retention/#adjust-retention).
* New Relic Logs obfuscates numbers that match known patterns, such as bank card and social security numbers as described here: [https://docs.newrelic.com/docs/logs/log-management/get-started/new-relics-log-management-security-privacy/](https://docs.newrelic.com/docs/logs/log-management/get-started/new-relics-log-management-security-privacy/).
* New Relic honors requests to delete personal data in accordance with applicable privacy laws. Please see [https://docs.newrelic.com/docs/security/security-privacy/data-privacy/data-privacy-new-relic/](https://docs.newrelic.com/docs/security/security-privacy/data-privacy/data-privacy-new-relic/).
* Customers may use New Relic's APIs to query data, such as NerdGraph described here, and New Relic Services to export the data to other cloud providers.
* Customers can configure its log forwarder [https://docs.newrelic.com/docs/logs/enable-log-management-new-relic/enable-log-monitoring-new-relic/forward-your-logs-using-infrastructure-agent/] before sending infrastructure logs to New Relic.
* For New Relic Customers in New Relic US, FedRAMP and HIPAA-enabled environments, Customer Data is replicated to the off-site backup system via Amazon Simple Storage Service (S3).

## Facilities
<table border ="2px">
<thead>
<tr>
<th> </th>
<th style={{ width: "100px" }}>**Category of Customer**</th>
</tr>
</thead>

<tbody>
<tr>
<td>Description<td>

<table border ="2px">
<tr>
<td style={{ width: "25px" }}>**FedRAMP**</td>
<td style={{ width: "25px" }}>**HIPAA-enabled**</td>
<td style={{ width: "25px" }}>**US Gen Pop**</td>
<td style={{ width: "25px" }}>**EU Gen Pop**</td>
</tr>
</table>
</td>
</tr>

<tr>
<td>Data is stored in Amazon Web Services (“AWS”).</td>
<td>

<table border="2px">
<tr>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

<td style={{ width: "25px" }}>Limited</td>
</tr>
</table>
</td>
</tr>

<tr>
<td>Data is stored in IBM</td>
<td>

<table border="2px">
<tr>
<td style={{ width: "25px" }}></td>

<td style={{ width: "25px" }}></td>

<td style={{ width: "25px" }}></td>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>
</tr>
</table>
</td>
</tr>

<tr>
<td>Data for New Relic Incident Intelligence is stored in Google Cloud</td>
<td>

<table border="2px">
<tr>
<td style={{ width: "25px" }}></td>

<td style={{ width: "25px" }}></td>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>
</tr>
</table>
</td>
</tr>

<tr>
<td colspan="2" style="text-align:left">New Relic regularly tests, assess, and evaluates its measures to ensure the security of processing using industry-recognized standards and uses independent third-party auditors as provided below:</td>
</tr>

<tr>
<td>Annual SOC 2 Type 2</td>
<td>
<table border="2px">
<tr>
<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

<td style={{ width: "25px" }}className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>
</tr>
</table>
</td>
</tr>

<tr>
<td>Annual FedRAMP assessment by an independent third-party pursuant to NIST 800-53 rev 4 Moderate authorization.</td>
<td>
<table border="2px">
<tr>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

<td style={{ width: "25px" }}></td>

<td style={{ width: "25px" }}></td>

<td style={{ width: "25px" }}></td>

</tr>
</table>
</td>
</tr>

<tr>
<td>Annual HITRUST-validated assessment by an independent third-party *Pursuing CY2021 Q4</td>
<td>
<table border="2px">
<tr>

<td style={{ width: "25px" }}></td>

<td style={{ width: "25px" }}className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

<td style={{ width: "25px" }}></td>

<td style={{ width: "25px" }}></td>

</tr>
</table>
</td>
</tr>

<tr>
<td>ISO 27001 *Pursuing CY2021</td>
<td>
<table border="2px">
<tr>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

</tr>
</table>
</td>
</tr>

<tr>
<td>TISAX *Pursuing CY2021</td>
<td>
<table border="2px">
<tr>

<td style={{ width: "25px" }}></td>

<td style={{ width: "25px" }}></td>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>

<td style={{ width: "25px" }} className="fcenter">
<Icon
style={{color: 'green'}}
name="fe-check"
/>
</td>
</tr>
</table>
</td>
</tr>
* The Services that operate on Amazon Web Services (“AWS”) are protected by the security and environmental controls of AWS. Detailed information about AWS security is available at [https://aws.amazon.com/security/](https://aws.amazon.com/security/) and [http://aws.amazon.com/security/sharing-the-security-responsibility/](http://aws.amazon.com/security/sharing-the-security-responsibility/). Data encryption at rest utilizes FIPS 140-2 compliant encryption methodology. For AWS SOC Reports, please see [https://aws.amazon.com/compliance/soc-faqs/](https://aws.amazon.com/compliance/soc-faqs/).
* The Services that operate on Google Cloud Platform ("GCP") are protected by the security and environmental controls of GCP. Detailed information about GCP security is available at [https://cloud.google.com/docs/tutorials#security](https://cloud.google.com/docs/tutorials#security). For GCP reports, please see [https://cloud.google.com/security/compliance/](https://cloud.google.com/security/compliance/).
* IBM
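
Review bot: the Facilities table in this hunk is not well-formed, and the cells use JSX-style attributes (`style={{ ... }}`, `<Icon ... />`), so malformed markup is likely to break rendering rather than be silently repaired. In the header row, `<td>Description<td>` should be `<td>Description</td>` followed by a new `<td>`, and the outer `<tbody>` and `<table>` opened above the header row are never closed before the `* The Services that operate on Amazon Web Services` bullets resume; close both after the TISAX row. In the full-width row, `colspan="2" style="text-align:left"` should follow the form used everywhere else in the table (`colSpan={2}` and `style={{ textAlign: "left" }}`), and "tests, assess, and evaluates" should read "tests, assesses, and evaluates". Separately, the HITRUST, ISO 27001 and TISAX rows are labelled "*Pursuing" yet carry the same green check as the Annual SOC 2 Type 2 row, so a reader can take them as completed audits; use a distinct marker or a footnote for assessments that are still in progress.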