Trust and Compliance
We are committed to safeguarding the information in our custody and under our control. Our Operational Risk program is dynamic and proactive allowing us to stay abreast of the latest changes and enhancements to the ever-evolving global compliance landscape. We have implemented practical and sound administrative, technical, and physical safeguards to protect against unauthorized access, use, modification and disclosure of this information. This is a responsibility that we take seriously, and we have strong internal controls around change management and employee accountability.
SOC2 Type II / SOC3
Contrast has been audited against the AICPA SOC standards since November 2016. Contrast is audited for controls related to: Availability, Confidentiality, Privacy and Security, and the audit also maps to HITRUST controls.
Contrast’s audit period is April 1 - March 31. You can download a copy of our SOC3 report here. To obtain our SOC2 Type II report, an NDA must be in place. Please email firstname.lastname@example.org to request an NDA for the purpose of reviewing the SOC2 Type II report.
Contrast is committed to achieving FedRAMP “in process” designation by YE 2023. FedRAMP designation, coupled with Contrast’s products and other significant controls such as SOC2 Type II, will further demonstrate our best-in-class security product, standards and compliance in support of our customers and will further the goal of a software-secure world. Contrast has partnered with an industry leader in compliance automation to accelerate the process.
Texas Risk and Authorization Management Program
Contrast Security has earned provisional status certification under the Texas Risk and Authorization Management Program (TX-RAMP), which is a requirement to do business with Texas state agencies. Because Contrast has now achieved this certification, Texas state agencies can take full advantage of our best-in-class security product. Contrast anticipates Full TX-RAMP certification achievement by early 2024.
At the heart of our ethos lie values we hold dear: integrity, trust and accountability.
Keeping your data secure is critical to us at Contrast. We follow industry best practices in application, network, and product security to ensure that your data is safe. We envision a world where we can trust software with the most important activities of humanity. We love software, and it hurts us to see it misused to cause harm to others. As a security company, we not only protect our business, but yours as well. Contrast is committed to the highest standards of application and network security for our hosted products. At the core of our approach to security is a commitment to transparency – across our protections, processes, and even potential issues.
Contrast is primarily responsible for the management of any PI that you voluntarily provide us and that is used with our affiliates or third parties. We do not provide your information to third parties for marketing purposes without your prior consent. We never sell your data.