Reltio’s Trust Center: Setting the standard for security & data integrity

We are pleased to announce the launch of Reltio’s newly revamped Trust Center, a centralized resource designed to enhance transparency and trust in our security and compliance practices. The Trust Center is a comprehensive resource for our customers, providing updates, audits, certifications, documentation, and essential information about our security measures and compliance status.

What is the Trust Center?

The Trust Center is an online portal consolidating all of Reltio’s security and compliance information in one place. We recently revamped it with the cutting-edge TrustCloud solution to deliver enhancements and key benefits.

New Features:

• Compliance feeds: Stay updated with the latest compliance information needed.
• Access to certifications: Easily access and verify Reltio’s certifications.
• Security documentation and resources: Find detailed reports and documentation on our security measures.

Key benefits:

• Single source for information: Customers can easily find everything they need in one convenient location, eliminating the need to navigate multiple sources. This centralized approach saves time and ensures that customers always have direct access to the most current and comprehensive data.
• Simplified compliance: The Trust Center offers all the necessary documentation and reports in one place, making it easier for customers to navigate their compliance processes. Instead of spending valuable time gathering information from various sources, customers can quickly access what they need, streamlining their compliance efforts.
• Proactive security updates: The Trust Center enables customers to take proactive measures against potential threats. This means that customers can stay ahead of security risks, ensuring their data remains protected at all times.
• Self-service access: With 24/7 access to the Trust Center, customers can find the information they need anytime. This level of accessibility ensures that they are always equipped with the knowledge they need to make informed decisions about their data security and compliance.

Reltio is committed to trust, security, and data integrity

The Reltio Trust Center is a testament to our commitment to trust, security, and data integrity. We invite our customers to explore the Trust Center and learn more about our security and compliance efforts. Visit the Trust Center today to discover how Reltio is dedicated to protecting your data and ensuring transparency in our practices.

*****************

A deeper look at Reltio’s industry-leading security measures

The Reltio Trust Center sets the benchmark for data security with its comprehensive and robust framework designed to protect customer data. Here’s an in-depth look at the industry-leading security measures that Reltio employs:

Security framework

Reltio’s security framework is built on the HITRUST CSF foundation and incorporates principles from ISO 27001, ISO 22301, and NIST 800-53. This multi-layered approach ensures that the highest security standards are consistently maintained.

Audits and certifications

To ensure stringent security and privacy controls, Reltio undergoes annual third-party audits. These audits verify compliance and operational integrity, earning Reltio industry-recognized certifications such as HITRUST, SOC 2 Type II, and SOC 1 Type II. These certifications validate Reltio’s commitment to maintaining a secure environment for customer data.

Development and testing

Security is embedded in Reltio’s development lifecycle. All code is developed to the OWASP Top Ten standard, and engineering staff receive annual OWASP training. Quality assurance practices align with 21 CFR Part 11, encompassing comprehensive testing and stringent change controls to safeguard against vulnerabilities.

Cloud and network access

Reltio provides robust cloud and network access controls:

• Single Sign-On (SSO): Supports SAML 2 and OAuth 2 protocols for secure and convenient access.
• Role-Based Access Controls (RBAC): Allows customers to manage access rights within their deployment, ensuring security.
• Secure VPN Access:  Utilizes multi-factor authentication and bastions, with RBAC controls managed by Information Security.
• Hypervisor Console Access: Enforced with MFA and RBAC, restricting production network access by least privilege, managerial approval, and business need.

Data encryption

Customer data is protected through encryption at rest (AES-256) and in transit (TLS 1.2). Additionally, Reltio Shield enables customers to generate and control their own encryption keys, offering key rotation management via API.

Data backups and logical data separation

Reltio performs daily backups to secure locations to prevent data loss. Each customer tenant is authenticated separately with its own database keyspace, aligning with legal discovery requirements and ensuring logical data separation and integrity.

System logging

Reltio logs all system activities, including login, create, read, update, and delete actions. These logs can be viewed and exported by customers via API and are maintained for at least one year. Server, network, and intrusion detection logs are also kept, including critical events, and reviewed regularly.

Data sovereignty

The Reltio platform is hosted on AWS, Azure, and GCP across multiple regions. This hosting leverages the physical security measures and access controls of these cloud providers, ensuring resilience and scalability with distributed application and database nodes.

Business continuity

Reltio has a robust business continuity and disaster recovery plan based on ISO 22301. This plan ensures that operations can continue seamlessly during disruptions, maintaining data security and availability.

The Reltio Trust Center’s comprehensive approach to security demonstrates a commitment to protecting customer data through industry-leading practices and continuous improvement.