Skip to content

Privacy Matters at Contrast Security

Sub-Processors List

List of Sub-Processors as of 28 June 2022

Contrast Security, Inc. (“Contrast”) uses Sub-processors to help in the delivery of products and to provide related support services to our customers. A sub-processor is a 3rd party organisation used by Contrast where we are acting as a processor that may process or have access to personal data.

To ensure that we remain transparent to our customers and to comply with regulatory requirements such as the General Data Protection Regulation (“GDPR”), we maintain an up-to-date list of the entities, functions, and locations of these sub-processors as referenced below. For any questions, please email rfp@contrastsecurity.com

Contrast performs rigorous assessments on the information security and data protection practices of its sub-processors and requires each to commit to written obligations regarding their security measures and to demonstrate compliance with applicable personal data protection laws and regulations and other policies.

To be notified whenever our Sub-processor listing is updated, please follow the link below:

Register Now

 

Tier 1 / Sub-processors for Infrastructure, Security and Business Operations (Potential Access to Confidential Data)

Sub-Processor

Contact Details of Sub-Processor and Data Privacy Officer

Processing Location of Data

Processing Operations of Sub-Processor

Amazon Web Services (“AWS”)

410 Terry Avenue N Seattle, WA 98109 USA

DPO: https://aws.amazon.com/contact-us/compliance-support/

us-east-1 (Virginia USA)

us-west-2 (Oregon, USA)

eu-west-2 (London, UK)

eu-central-1 (Frankfurt, Germany)

ap-northeast-1 (Tokyo, Japan)

Cloud Hosting Provider

Confidential Data captured in Vulnerabilities or Attack Trace Data, Admin User Information

Atlassian, Inc.

350 Bush Street
Floor 13
San Francisco, CA 94194 USA

DPO: Dataprotection@atlassian.com

United States

Privileged users could potentially process from any of these locations - Bulgaria, Canada, Germany, Isle of Man, Israel, Japan, Mexico, New Zealand, UK

Bug Tracking, Project Management, Documentation,  Internal Wiki

Datadog

620 8th Ave
45th Floor
New York, NY 10018
USA 

DPO: gdpr@datadoghq.com

privacy@datadoghq.com

United States

Log Aggregation, Alerting and Security Anomaly Detection

Confidential Data captured in Vulnerabilities or Attack Trace Data, Admin User Information

GitHub (“Microsoft”)

88 Colin P. Kelly Jr. St
San Francisco, CA 94107 USA

DPO: privacy@github.com

fwiet@github.com

United States

Code Hosting Platform

Source Code Control

Source Code

Lacework

6201 America
Center Drive
Suite 200
San Jose, CA 95002
USA

DPO: privacy@lacework.net

Attn: Chief Compliance Officer

United States

Infrastructure Monitoring, Vulnerability Management, Threat Intelligence, Compliance Reporting

Vulnerability Data Related to the SaaS Environment

Salesforce, Inc.

415 Mission St.
3rd Floor
San Francisco, CA 94105, USA

DPO: Privacy@salesforce.com

United States

Customer Relationship Management (“CRM”), Collaboration and Communication (see also Slack)

Customer and Prospect Data

Slack Technologies, Inc.

500 Howard Street
San Francisco, CA
94105 USA

DPO: dpo@slack.com

United States

Communication and Collaboration (see also Salesforce)

Splunk On-Call (Formerly VictorOps)

270 Brannan St.
San Francisco, CA 94107 USA

DPO: dpo@splunk.com

United States

On-call Paging

Vulnerability Data Related to the SaaS Environment

Incident Data

Support Ticket Data

Sumo Logic, Inc.

305 Main Street
Redwood City, CA
94063 USA

DPO: privacy@sumologic.com

or

Sumo Logic Inc.
c/o Legal Department
305 Main Street
Redwood City, CA
94063 USA

United States

Confidential Data captured in Vulnerabilities or Attack Trace Data, Admin User Information

Tenable, Inc.

6100 Merriweather
Drive, 12th Floor
Columbia, MD 21044
USA

DPO: privacy@tenable.com

United States

Vulnerability Scanning

Vulnerability Data Related to the SaaS Environment

Zendesk, Inc.

999 Market Street
San Francisco, CA 94103 USA

DPO: privacy@zendesk.com

euprivacy@zendesk.com

Attn: Privacy Team and DPO

United States 

Customer Success employees with privileged access could potentially access from any of these locations - Canada, Isle of Man, Japan, UK

Customer Support Portal/Customer Relationship Management (“CRM”)

Customer Support Ticket Data

 

 
Tier 2 / Sub-Processors for CRM and Business Operations  (Business Contact Information Processed)

 

Name of Sub-Processor

Contact Details of Sub-Processor/ Data Privacy Officer Contact Information

Processing Location of Data

Processing Operations of Sub-Processor

Gainsight, Inc.

350 Bay Street
Suite 100
San Francisco, CA
94133, USA

DPO: privacy@gainsight.com

Attn: Legal (Data  Protection Officer)

United States

Customer Relationship Management (“CRM”)

Google Workspace

1600 Amphitheatre Pkwy
Mountain View, CA 94043 USA

DPO: https://support.google.com/policies/
contact/general_privacy_form

United States

Email
File Storage
Collaboration
Hosting
Platform Services

Highspot, Inc.

2211 Elliott Ave
Suite 400
Seattle, WA 98121
USA

DPO: privacy@highspot.com

United States

Marketing

Sales Enablement

Hubspot, Inc.

25 First Street
2nd Floor
Cambridge, MA
02142 USA

DPO: security@hubspot.com

United States

Customer Relationship Management “(CRM”)

iWAconsolti

Prolongation of Oriente 6
#996 B Col.
Centro. Orizaba
Veracruz, MX
CP 94300 

DPO: Gerardo Arellano <garellano@iwa.com.mx>

bolsadetrabajo@iwa.com.mx

Mexico

Engineering/ R&D Support

JFrog (Artifactory)

270 E Caribbean Dr."
Sunnyvale, CA
94089 USA

DPO: privacy@jfrog.com

United States

Enterprise Universal Repository Manager (Management of application binaries and artifacts)

Mechdyne

11 East Church
Street 4th Floor
Marshalltown, IA
50158 USA


DPO: at +1.641.754.4649

+44 116 318 4083

United States

IT Support Services

MentorMate

(HQ)
3036 Hennepin Ave.
Minneapolis, MN
55408 USA

DPO: legal@mentormate.com

info@mentormate.com

Bulgaria

Engineering/ R&D Support

Microsoft

One Microsoft Way
Redmond, WA
98052 USA

DPO: Provides a public facing contact form

https://www.microsoft.com/en-us/concern/privacy

United States

Email, Office Suite

Netsuite/ Oracle Corporation

Willis Tower 233
South Wacker
Drive 45th Floor
Chicago IL 60606
USA 

DPO: Public facing contact form. 

secalert_us@oracle.com

United States

Finance and Invoicing Software

Pendo.io

301 Hillsborough Street
Suite 1900
Raleigh, NC 27603
USA

DPO: gdpr@pendo.io

Attn: Data Protection Officer

United States

Platform Usage Analytics

Propelo (Formerly LevelOps)

700 S Bernardo Ave. Suite 103
Sunnyvale, CA 94087 USA

DPO: nishant@propelo.ai

United States

Data Analytics

Salesloft

1180 West Peachtree St. NW
Suite 600
Atlanta, GA 30309 USA

 DPO: privacy@salesloft.com

United States

Customer Relationship Management (“CRM”), Sales Engagement

SonarCloud

Route De PreBois
CH-1214
Vernier
Switzerland

DPO: info@sonarsource.com

https://www.sonarsource.com/
company/contact/

United States

Analytics Tool  

Zoom

55 Almaden Blvd
Suite 600
San Jose, CA
95113 USA

DPO: privacy@zoom.us

Attn: Data Protection Officer

United States

Conference Calling Communication

ZoomInfo

805 Broadway St
Suite 900
Vancouver, WA 98660 USA

DPO: legal@zoominfo.com

privacy@zoominfo.com

United States

Marketing, CRM Insights Tool, Advertising

 

 

 

3rd Party Policy and Security Due Diligence Review:
Tier 1 / Sub-Processors for Infrastructure, Security and Business Operations (Potentials Access to Confidential Data)

Sub-Processor

Audit Conducted

Audit Method

Evidence Reviewed by Contrast Security, Inc

Amazon Web

Services (“AWS”)

Yes

AWS engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (6 -month cadence to September 2021)

●      ISO 27001:2013 certificate (issued January 2022)

●      ISO 27017:2015 certificate (issued March 2022)

●      ISO 27018:2019 certificate (issued March 2022)

●      ISO 27701:2019 certificate (issued March 2022)

●      AWS Privacy Notice

●      AWS Security overview

Atlassian, Inc.

Yes

Atlassian engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      ISO 27001:2013 certificate (issued January 2022)

●      SOC 2 Type II Report (September 2021)

●      Bridge Letter SOC 2, Type II (January 2022)

●      Security at Atlassian

●      Privacy Policy

Datadog

Yes

Datadog engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (December 2021)

●      ISO 27001:2013 certificate (issued December 2021)

●      Pen Test Security Assessment (April 2022)

●      SIG Core (2022)

●      Privacy Policy

GitHub (“Microsoft”)

Yes

GitHub engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      Pen Test Security Assessment (February 2021)

●      SOC 2 Type II Report (September 2021)

●      Privacy Statement

Lacework

Yes

Lacework engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (August 2021)

●      Bridge Letter SOC 2 Type II (October 2021)

●      Privacy Policy

Salesforce, Inc.

Yes

Salesforce engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (October 2021)

●      ISO 27001:2013 (issued April 2022)

●      ISO 27017:2015 (issued April 2022)

●      ISO 27018:2019 (issued April 2022)

●      CSA CAIQ (2022)

●      Pen Test Security Assessment (February 2022)

Slack Technologies, Inc.

Yes

Slack engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (November 2021)

●      ISO 27001:2013 certificate (issued November 2021)

●      ISO 27018:2019 certificate (issued November 2021)

●      ISO 27017:2015 certificate (issued November 2021)

●      CSA CAIQ (2021)

●      Pen Test Security Assessment (November 2021)

●      Privacy Policy

Splunk On-Call (Formerly VictorOps)

Yes

Splunk engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (November 2021)

●      Information Security Policy

●      Corporate Security Policy

●      Cloud Security Addendum

●      Privacy Policy

Sumo Logic, Inc.

Yes

Sumo Logic engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      Vendor Security Assessment (VSA)

●      SOC 2 Type II Report (March 2021)

●      Security Statement

●      Pen Test Security Assessment (October 2021)

●      ISO 27001:2013 certificate (issued February 2022)

●      Privacy Policy

Tenable, Inc.

Yes

Tenable engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      ISO 27001:2013 certificate (issued December 2020)

●      Pen Test Security Assessment (July 2021)

●      SIG Core (2022)

●      Privacy Policy

Zendesk, Inc.

Yes

Zendesk engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      ISO 27001:2013 certificate (issued April 2021)

●      ISO 27018:2014 certificate (issued April 2021)

●      SOC 2 Type II Report (September 2021)

●      Pen Test Security Assessment (May 2021)

●      CSA CAIQ

●      Security Documentation

●      Privacy Policy

 

 

Tier 2 / Sub-Processors for CRM and Business Operations (Business Contact Information Processed)

Sub-Processor

Audit Conducted

Audit Method

Evidence Reviewed by Contrast Security, Inc

Gainsight, Inc.

Yes

Gainsight engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (December 2021)

●      CSA CAIQ - 2022

●      SIG Lite - 2022

●      Privacy Policy

●      Pen Test Security Assessment (October 2021)

 

Google

Workspace

Yes

Google Workspace engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (April 2021)

●      Privacy Policy

●      ISO 27001:2013 (Issued May 2021)

●      IS0 27018:2019 (issued May 2021)

●      ISO 27017:2015 (issued May 2021)

Highspot, Inc.

Yes

Highspot engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (August 2021)

●      Privacy Policy

Hubspot, Inc.

Yes

Hubspot engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      ISO 27001:2013 certificate

●      SOC 2 Type II Report (April 2021)

●      SOC 2 Type II Bridge Letter (November 2021)

●      Pen Test Security Assessment (November 2021)

●      Security Overview

●      Privacy Policy

JFrog Artifactory

Yes

JFrog engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      ISO 27001:2013 certificate (issued January 2022)

●      ISO 27017:2015 certificate (issued January 2022)

●      SOC 2 Type II Report (December 2021)

●      Privacy Policy

Mechdyne

 

Mechdyne engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

Privacy Policy

MentorMate

Yes

MentorMate engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type I report (February 2022)

●      Contrast Vendor Assessment

●      Vendor Code Policy

●      Privacy Policy

Microsoft

Yes

Microsoft engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (September 2021)

●      Privacy Policy

●      Bridge Letter SOC 2 Type II (January 2022)

Netsuite/ Oracle Corporation

Yes

Netsuite engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (September 2021)

●      Privacy Policy

Pendo.io

Yes

Pendo engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (December 2021)

●      Privacy Policy

Propelo (Formerly LevelOps)

Yes

Propelo engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      Security Datasheet • Privacy Datasheet

●      SOC2 Type I Report (March 2021)

●      Contrast Vendor Assessment

●      Privacy Policy

Salesloft

Yes

Salesloft engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (June 2021)

●      ISO 27001:2013 certificate

●      Privacy Policy

SonarCloud

Yes

SonarCloud engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      ISO 27001:2013 Attestation

●      Privacy Policy

●      Pen Test Security Assessment Report (June 2021)

Zoom

Yes

Zoom engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (October 2021)

●      CSA CAIQ

●      SIG Full

●      ISO 27001:2013 (issued December 2021)

●      Privacy Policy

ZoomInfo

Yes

ZoomInfo engages an industry-recognized independent auditor to conduct the appropriate audit(s) on their systems and controls.

As part of Contrast’s due diligence, we ensure current and appropriate reports, certifications, policies and, in some instances, vendor assessments are in place. These are reviewed by the appropriate stakeholders at Contrast, i.e., Compliance, Information Security, Privacy, etc. We escalate any findings to the appropriate business owner and ensure a remediation plan is identified and closed in accordance with defined timelines.

●      SOC 2 Type II Report (February 2021)

●      ISO 27001:2013 certificate

●      Security Overview

●      Privacy Policy