Compliance at Reltio
Reltio provides customers added assurance through auditing its privacy and security controls annually with an industry leading third party. Audits demonstrate Reltio has implemented controls to secure customer data and strives to enhance its existing security practices with valuable third party input and evolving industry best practices.
HITRUST Common Security Framework
Reltio is certified for HITRUST Common Security Framework (CSF). HITRUST CSF unifies recognized standards and regulatory requirements from NIST, HIPAA/HITECH, ISO 27001, PCI DSS, FTC, and COBIT.
Service Organization Control Reports
Reltio is certified for SOC 1 Type II and SOC 2 Type II compliance for the Reltio Connected Data Platform. SOC 1 focuses on financial reporting controls as they relate to the security of a system. SOC 2 focuses on a business’s non-financial reporting controls as they relate to the security of a system.
HIPAA Environment
Reltio maintains an environment on the Platform configured to help customers meet HIPAA requirements. The HIPAA environment uses HIPAA compliant services from our hosting vendors and complies with HIPAA requirements.
Reltio maintains a Business Associate Agreement (BAA) with our hosting vendors. The Platform encrypts customer data at rest and in-transit on the public Internet. The Activity Log captures all access and activity to platform services.
Third Party Security and Privacy Assessment
Reltio conducts an assessment of third-party vendors prior to utilizing vendor services as part of the Reltio Connected Data Platform or used for internal Reltio use. As part of the assessment, Reltio reviews the vendor’s SOC 2 type II reports or the vendor’s responses to a Reltio security assessment questionnaire. Reltio includes security and privacy obligations in its contractual agreements with such third-party vendors that are aligned with contractual obligations of Reltio’s customers as well as Reltio’s own security standards. Reltio conducts a reassessment of third-party vendors annually.
Third Party Penetration Testing
Reltio engages a reputable penetration testing third-party firm to review the Platform for vulnerabilities. Testing includes both network and application vulnerability scans and human penetration testing. Testing occurs on production and non-production tenants and network subnets. Reltio takes a risk-based approach to remediating penetration testing findings and prioritizes all critical and high findings.
Compliance FAQs
How frequently are you audited?
Reltio performs external audits annually for SOC I & SOC 2 compliance, as well as for HITRUST annual certification/recertification.
How do I request your most recent compliance reports or penetration test?
Please reach out to sales@reltio.com or your primary account manager to request a copy of these compliance reports
Does Reltio use Sub-processors?
Yes, a list of our sub-processes is available to current customers.
Please reach out to sales@reltio.com or your primary account manager to request a copy.
What information security policies does Reltio have in place? Can I request copies?
Reltio maintains approved security policies and procedures aligned to the HITRUST CSF standard. Reltio Information Security enforces these policies and procedures throughout the Reltio organization. Reltio Security Operating Procedures cover:
|
|
Reltio updates our policies & procedures annually and as needed.
Please reach out to sales@reltio.com or your primary account manager to discuss your needs.