Security
Learn how we protect our platform and customer data through encryption, access controls, monitoring, secure
development practices, and ongoing testing.
Home
SOCRadar Trust Center
SOCRadar Trust Center
Message from the CEO:
At SOCRadar, trust is not a statement — it is a responsibility.
Our customers rely on us to deliver timely, accurate threat intelligence while protecting the data entrusted to us. That responsibility drives every decision we make, from how we design our platform to how we train our people and engage with independent auditors.
Security, privacy, and compliance are not one-time achievements. They are continuous commitments. Through internationally recognized certifications, transparent practices, and rigorous internal controls, we work every day to earn and maintain your trust.
Thank you for choosing SOCRadar as your partner in navigating the evolving threat landscape.
— CEO, SOCRadar
SOCRadar Trust Center
Trust is the foundation of how we build, operate, and secure SOCRadar. This Trust Center provides a clear view into
our security, privacy, compliance, and reliability practices.
- ISO/IEC 27001
- SOC 2 Type I
- SOC 2 Type II
- CSA STAR Level 1
These certifications and attestations reflect independent assurance of our security and compliance controls.
Message from the CEO
At SOCRadar, trust is not a statement — it is a responsibility.
Our customers rely on us to deliver timely, accurate threat intelligence while protecting the data entrusted to us.
That responsibility drives every decision we make, from how we design our platform to how we train our people and
engage with independent auditors.Security, privacy, and compliance are not one-time achievements. They are continuous commitments. Through
internationally recognized certifications, transparent practices, and rigorous internal controls, we work every day
to earn and maintain your trust.Thank you for choosing SOCRadar as your partner in navigating the evolving threat landscape.
Privacy
Understand what data we process, how we use it, and how we support applicable data subject rights. We limit access
by role and follow least-privilege principles.
Compliance
Review our certifications and attestations, including ISO/IEC 27001, SOC 2 Type I/II, and CSA STAR Level 1.
Reliability
See how we plan for continuity, respond to incidents, and maintain resilient operations designed to support service
availability.
Contact
- Security: [email protected]
- Privacy: [email protected]
- Legal: [email protected]
- Status: View service status
Security at SOCRadar
SOCRadar operates a risk-based information security program designed to protect the confidentiality, integrity, and
availability of customer data.
Security Program Overview
- Defense-in-depth security architecture
- Centralized logging and security monitoring
- Secure software development lifecycle (SDLC)
- Regular security testing and continuous improvement
- Independent audits aligned with recognized standards
Core Security Controls
Access Control
- Role-based access control (RBAC) aligned with least privilege
- Multi-factor authentication (MFA) for privileged access and key systems
- Quarterly access reviews for internal users
- Administrative access protected via VPN and logging
Encryption & Key Management
- Encryption in transit using modern TLS configurations
- Encryption at rest for sensitive data
- Key management practices for secure storage, rotation, and access control
Vulnerability Management & Testing
- Continuous vulnerability scanning and tracking
- Risk-based remediation prioritization
- Secure coding and application security testing practices
- Independent penetration testing (periodic)
Monitoring, Detection & Response
- Centralized logging to support detection and investigation
- Security event monitoring and alerting
- Documented incident response procedures
Security Contacts
To report a security concern or vulnerability, contact:
[email protected]
Privacy & Data Protection
SOCRadar is committed to responsible processing of personal data and transparency in how data is handled across our
services and operations.
Privacy by Design
We embed privacy principles into product development and operational processes, including data minimization, access
restriction by role, and security controls that help protect personal data.
Data We Process
Depending on the service and customer relationship, SOCRadar may process limited personal data such as:
- Contact information (e.g., name, email, company, country)
- Account and authentication data
- Service usage and operational data
- Customer support communications
Role-Based Data Access (Least Privilege)
Access to customer and personal data is restricted by role and aligned with least-privilege principles:
| Role | Accessible Data |
|---|---|
| Marketing | Name, Surname, Email, Company Name, Country |
| Analyst / Development | Name, Surname, Email, Company Name, Country, IP, Threat Intel Findings |
| Customer Success | Name, Surname, Email, Company Name, Country, Phone Number, Threat Intel Findings |
| Sales | Name, Surname, Email, Company Name, Country, Phone Number, Threat Intel Findings, Finance Information |
| Finance | Name, Surname, Email, Company Name, Country, Finance Information |
Data Subject Rights
Where applicable, SOCRadar supports data subject rights such as access, rectification, deletion, restriction, and
objection. Requests can be submitted via:
[email protected]
Privacy Contacts
For privacy inquiries, contact:
[email protected]
Compliance & Certifications
SOCRadar maintains a compliance program aligned with recognized standards and validated through independent
assessments.
Independent Assurance
Our controls are assessed against internationally recognized frameworks to provide customers with confidence in our
security and compliance posture.
Certifications & Attestations
- ISO/IEC 27001 — Information Security Management System (ISMS)
- SOC 2 Type I — Design of controls (Trust Services Criteria)
- SOC 2 Type II — Operating effectiveness of controls (Trust Services Criteria)
- CSA STAR Level 1 — Cloud security transparency and best practices
Policies & Standards
SOCRadar maintains documented policies and procedures across areas such as risk management, access management,
encryption, vulnerability management, secure development, vendor management, and incident response.
For questions regarding compliance or due diligence, contact:
[email protected]
Reliability & Business Continuity
SOCRadar maintains resilience practices designed to support service availability and respond effectively to
disruptions and security incidents.
Business Continuity
Our business continuity practices are designed to help maintain critical operations during unexpected events through
documented planning, operational readiness, and periodic review.
- Documented continuity planning and response coordination
- Disaster recovery capabilities aligned to service needs
- Operational processes to support availability and recovery
Incident Response & Notification
If a security incident occurs, we follow defined processes to investigate, contain, and remediate. Customers are
notified in accordance with contractual and regulatory obligations.
- Incident triage and containment
- Impact assessment and root cause analysis
- Corrective actions and continuous improvement
- Customer communications when required
Status
For real-time updates on service availability, visit our status page:
{{STATUS_URL}}
Support
If you need assistance, contact:
[email protected]
Responsible Disclosure
SOCRadar encourages responsible vulnerability disclosure and values collaboration with the security research
community.
How to Report a Vulnerability
Please include:
- A clear description of the issue and potential impact
- Steps to reproduce (proof of concept where appropriate)
- Relevant logs, screenshots, or request/response samples (redact sensitive data)
- Any suggested mitigations
Guidelines
- Do not access or modify customer data
- Do not perform disruptive testing (e.g., DDoS, spam, or social engineering)
- Give us reasonable time to investigate and remediate before public disclosure
Contact
Email our security team at:
[email protected]
[email protected] ([email protected])
[email protected] ([email protected])
[email protected] ([email protected])
Encryption & Key Management
SOCRadar uses industry-standard encryption to protect data in transit and at rest, supported by controlled key
management practices.
Encryption in Transit
We protect data transmitted between clients, services, and external dependencies using modern TLS configurations.
This helps reduce the risk of interception or tampering while data moves across networks.
- TLS is used for external and internal service communications where applicable
- Secure cipher suites are configured and periodically reviewed
- Certificates are managed with defined renewal and monitoring practices
Encryption at Rest
Where appropriate, we encrypt sensitive data stored in databases, backups, and other storage layers to help prevent
unauthorized access in the event of exposure.
- Strong encryption is applied to stored data for applicable systems
- Backups are protected using security controls aligned with our data protection objectives
- Access to encrypted data is restricted via role-based controls
Key Management
Encryption is supported by key management practices designed to control how cryptographic keys are created, stored,
used, rotated, and retired.
- Key access is limited to authorized roles and services
- Key rotation and lifecycle management are defined and maintained
- Key usage is governed by monitoring and logging controls where applicable
Questions
For due diligence inquiries about encryption practices, contact:
[email protected]
Access Control
SOCRadar restricts access to systems and data using least-privilege principles, role-based access control (RBAC),
and safeguards for privileged operations.
Least Privilege & RBAC
Access is provisioned based on job responsibilities and limited to what is required to perform assigned duties.
Access requests, changes, and removals follow defined workflows.
- Role-based permissions aligned to responsibilities
- Access is reviewed on a periodic basis
- Timely deprovisioning when access is no longer required
Authentication & MFA
Authentication controls are implemented to reduce unauthorized access risks and strengthen account security.
- MFA for privileged access and key systems where applicable
- Strong password and session management controls
- Additional safeguards for administrative operations
Privileged Access Management
Privileged access is restricted and monitored. Administrative access is protected by layered security controls and
logging.
- Administrative access restricted to authorized personnel
- Logging enabled for sensitive administrative actions where applicable
- Remote administrative access is protected by additional controls (e.g., VPN)
Segregation of Duties
SOCRadar applies segregation-of-duties practices to reduce the risk of unauthorized or unreviewed changes.
- Separation of responsibilities for sensitive workflows
- Change review and approval mechanisms where applicable
Questions
For access-control due diligence questions, contact:
[email protected]
Vulnerability Management
SOCRadar identifies, prioritizes, and remediates vulnerabilities using a risk-based approach across infrastructure,
applications, and supporting components.
How We Manage Vulnerabilities
- Continuous and periodic scanning where applicable
- Application and network security testing practices
- Risk-based prioritization informed by severity and exposure
- Tracking through remediation to closure
- Verification of fixes where applicable
Remediation Targets (High-Level)
We prioritize remediation based on severity and business risk. The table below provides high-level target timelines.
Actual timelines may vary based on impact, exploitability, affected scope, and compensating controls.
| Severity | Typical Examples | Target Remediation |
|---|---|---|
| Critical | Actively exploitable or high-impact exposure | As soon as possible (accelerated) |
| High | Significant risk; plausible exploitation | Prioritized, risk-based timeline |
| Medium | Moderate impact; often requires preconditions | Scheduled remediation |
| Low | Low impact or informational findings | As resources permit / backlog |
Responsible Disclosure
If you believe you have found a vulnerability, please report it privately through our Responsible Disclosure page.
Questions
For vulnerability management and due diligence questions, contact:
[email protected]
Vendor Management
SOCRadar assesses and manages third-party vendors to reduce supply-chain risk and help ensure appropriate security
and privacy controls are in place.
How We Evaluate Vendors
Before onboarding and during ongoing relationships, we apply a risk-based approach that considers the nature of the
service, data sensitivity, and operational criticality.
- Security and privacy review based on vendor risk
- Contractual requirements for confidentiality and data protection
- Assessment of compliance posture where applicable
- Review of incident notification and support expectations
- Ongoing monitoring and periodic reassessment for higher-risk vendors
Data Access & Minimization
Vendor access to systems and data is limited to what is necessary to deliver services. Where applicable, we use
controls such as least privilege, segmentation, and logging.
- Least-privilege access and scoped permissions
- Access revocation when no longer required
- Monitoring and review for sensitive integrations
Subprocessors
SOCRadar does not currently publish a public subprocessors list on this page. If you require subprocessor details
for procurement or compliance, please contact us.
Questions
For vendor management due diligence requests, contact:
[email protected]
Trust Center FAQ
Quick answers to common security, privacy, compliance, and reliability questions for customers and procurement
teams.
Security
Do you encrypt data in transit and at rest?
Yes. SOCRadar uses industry-standard encryption practices to protect data in transit (TLS) and applies encryption
at rest for sensitive data where appropriate. See Encryption & Key Management.
Do you use MFA?
SOCRadar uses MFA for privileged access and key systems where applicable, alongside RBAC and periodic access
reviews. See Access Control.
How do you manage vulnerabilities?
We use a risk-based vulnerability management program including scanning, testing, prioritization, remediation,
and verification where applicable. See Vulnerability Management.
Do you allow responsible vulnerability disclosure?
Yes. We encourage responsible disclosure and provide a dedicated reporting channel. See
Responsible Disclosure.
Compliance
Which certifications and attestations do you maintain?
SOCRadar maintains ISO/IEC 27001, SOC 2 Type I, SOC 2 Type II, and CSA STAR Level 1. See
Compliance.
Can you share audit reports (SOC 2) publicly?
This Trust Center is public. If you require detailed reports for procurement due diligence, please contact
[email protected].
Privacy
How do you restrict access to personal data internally?
We apply least-privilege and RBAC. Access is restricted by role and reviewed periodically. See
Privacy and Access Control.
How do we submit a privacy request?
Privacy inquiries and applicable data subject requests can be submitted to
[email protected].
Reliability
Do you have incident response and customer notification procedures?
Yes. SOCRadar maintains incident response practices to investigate, contain, remediate, and notify customers when
required by contract or regulation. See Reliability.
Where can we check service availability?
Visit our status page: {{STATUS_URL}}.
Contact
- Security: [email protected]
- Privacy: [email protected]
- Legal/Compliance: [email protected]
