Trust Center

Start your security review

Overview

Rootly has implemented best-in-class security practices to keep customer data safe and operates in the most regulated markets.

100s of global organizations from fast growing startups to F500 trust Rootly to be their incident management solution of choice.

Contact: security@rootly.com

Compliance

CCPA Logo
CCPA
GDPR Logo
GDPR
SOC 2 Logo
SOC 2
Start your security review

Rootly is reviewed and trusted by

CiscoCisco
CanvaCanva
GrammarlyGrammarly
WealthsimpleWealthsimple
FaireFaire
PoshmarkPoshmark
ShellShell
Cypress.ioCypress.io
RivianRivian
SquarespaceSquarespace
NVIDIANVIDIA

Documents

Pentest Report
SOC 2 Report
SOC 2
Cyber Insurance
Data Processing Agreement
Master Services Agreement

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

Pentest Report
SOC 2 Report

Data Security

Access Monitoring
Backups Enabled
Data Erasure
View more

App Security

Responsible Disclosure
Code Analysis
Credential Management
View more

Legal

Cyber Insurance
Data Processing Agreement
Master Services Agreement
View more

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Anti-DDoS
BC/DR
View more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Data Loss Prevention
Security Information and Event Management
Zero Trust

Corporate Security

Email Protection
Employee Training
Incident Response
View more

Policies

We are currently working with experts to put together our company policies. Please contact us for more details.

Trust Center Updates

CVE-2023-34362

VulnerabilitiesCopy link

After careful review of our infrastructure and SBOM, the Rootly team has determined that we are not currently vulnerable to the MOVEit Transfer Critical Vulnerability CVE-2023-34362 that were disclosed on June 16th, 2023.

Published at N/A

CVE-2022-3602 & CVE-2022-3786

IncidentsCopy link

After careful review of our infrastructure and SBOM, the Rootly team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022.

Published at N/A

CVE-2022-21449

IncidentsCopy link

None of our services are running Java 15, 17, and 18 so this vulnerability (CVE-2022-21449) is not exploitable on our side.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Report Issue
Powered bySafeBase Logo