Home | Trust | Compliance

Compliance at Reltio

Reltio provides customers added assurance through auditing its privacy and security controls annually with an industry leading third party. Audits demonstrate Reltio has implemented controls to secure customer data and strives to enhance its existing security practices with valuable third party input and evolving industry best practices.

Mature Black Businesswoman Shaking Hands With New Business Partner Mature Black Businesswoman Shaking Hands With New Business Partner

HITRUST Common Security Framework

Reltio is certified for HITRUST Common Security Framework (CSF). HITRUST CSF unifies recognized standards and regulatory requirements from NIST, HIPAA/HITECH, ISO 27001, PCI DSS, FTC, and COBIT.

Service Organization Control Reports

Reltio is certified for SOC 1 Type II and SOC 2 Type II compliance for the Reltio Connected Data Platform. SOC 1 focuses on financial reporting controls as they relate to the security of a system. SOC 2 focuses on a business's non-financial reporting controls as they relate to the security of a system.

HIPAA Environment

Reltio maintains an environment on the Platform configured to help customers meet HIPAA requirements. The HIPAA environment uses HIPAA compliant services from our hosting vendors and complies with HIPAA requirements.

Reltio maintains a Business Associate Agreement (BAA) with our hosting vendors. The Platform encrypts customer data at rest and in-transit on the public Internet. The Activity Log captures all access and activity to platform services.

Third Party Security and Privacy Assessment

Reltio conducts an assessment of third-party vendors prior to utilizing vendor services as part of the Reltio Connected Data Platform or used for internal Reltio use. As part of the assessment, Reltio reviews the vendor’s SOC 2 type II reports or the vendor’s responses to a Reltio security assessment questionnaire. Reltio includes security and privacy obligations in its contractual agreements with such third-party vendors that are aligned with contractual obligations of Reltio’s customers as well as Reltio’s own security standards. Reltio conducts a reassessment of third-party vendors annually.

Third Party Penetration Testing

Reltio engages a reputable penetration testing third-party firm to review the Platform for vulnerabilities. Testing includes both network and application vulnerability scans and human penetration testing. Testing occurs on production and non-production tenants and network subnets. Reltio takes a risk-based approach to remediating penetration testing findings and prioritizes all critical and high findings.

Compliance FAQs

How frequently are you audited?

Reltio performs external audits annually for SOC I & SOC 2 compliance, as well as for HITRUST annual certification/recertification.

How frequently are you audited?

How do I request your most recent compliance reports or penetration test?

Please reach out to sales@reltio.com or your primary account manager to request a copy of these compliance reports

How do I request your most recent compliance reports or penetration test?

Does Reltio use Sub-processors?

Yes, a list of our sub-processes is available to current customers.
Please reach out to sales@reltio.com or your primary account manager to request a copy.

Please see Reltio's sub-processors here Does Reltio use Sub-processors?

What information security policies does Reltio have in place? Can I request copies? 

Reltio maintains approved security policies and procedures aligned to the HITRUST CSF standard. Reltio Information Security enforces these policies and procedures throughout the Reltio organization.   Reltio Security Operating Procedures cover:

  • Information Security
  • Acceptable Use
  • System Access
  • Asset Management
  • Physical Security
  • Password Control
  • Anti-Virus and Anti-Malware
  • Remote and Wireless Access
  • Data Security
  • Business Continuity & Disaster Recovery
  • Penetration Testing
  • Security Risk Assessment
  • Vendor Security Standard
  • Disciplinary Process
  • Security Configuration Management
  • Application Development Standards
  • Security Incident Management
  • On-Boarding and Termination
  • Training

Reltio updates our policies & procedures annually and as needed.

Please reach out to sales@reltio.com or your primary account manager to discuss your needs.

What information security policies does Reltio have in place? Can I request copies? 
How frequently are you audited?
How do I request your most recent compliance reports or penetration test?
Does Reltio use Sub-processors?
What information security policies does Reltio have in place? Can I request copies? 

Request more information about our security controls and compliance reports.