Trust Center
Our Trust Center connects you to documentation, key information and other resources related to our privacy and security programs, demonstrating our commitment to, and the transparency of, our processes for all of the data entrusted to us.
Trust and Compliance
We are committed to safeguarding the information in our custody and under our control. Our Operational Risk program is dynamic and proactive, allowing us to stay abreast of the latest changes and enhancements to the ever-evolving global compliance landscape. We have implemented practical and sound administrative, technical, and physical safeguards to protect against unauthorized access, use, modification and disclosure of this information. This is a responsibility that we take seriously, and we have strong internal controls around change management and employee accountability.
Compliance
SOC2 Type II / SOC3
Contrast has been audited against the AICPA SOC standards since November 2016. Contrast is audited for controls related to: Availability, Confidentiality, Privacy and Security, and the audit also maps to HITRUST controls.
Contrast’s audit period is April 1 - March 31. You can download a copy of our SOC3 report here. To obtain our SOC2 Type II report, an NDA must be in place. Please email rfp@contrastsecurity.com to request an NDA for the purpose of reviewing the SOC2 Type II report.
FedRAMP
Contrast is committed to achieving FedRAMP “in process” designation. FedRAMP designation, coupled with Contrast’s products and other significant controls such as SOC2 Type II, will further demonstrate our best-in-class security product, standards and compliance in support of our customers and will further the goal of a software-secure world. Contrast has partnered with an industry leader in compliance automation to accelerate the process.
Texas Risk and Authorization Management Program
Contrast Security earned the Texas Risk and Authorization Management Program (TX-RAMP) certification in March 2024, which is a requirement to do business with Texas state agencies. Because Contrast has now achieved this certification, Texas state agencies can take full advantage of our best-in-class security product.
Corporate Governance
At the heart of our ethos lie values we hold dear: integrity, trust and accountability.
Security Practices
Keeping your data secure is critical to us at Contrast. We follow industry best practices in application, network, and product security to ensure that your data is safe. We envision a world where we can trust software with the most important activities of humanity. We love software, and it hurts us to see it misused to cause harm to others. As a security company, we not only protect our business, but yours as well. Contrast is committed to the highest standards of application and network security for our hosted products. At the core of our approach to security is a commitment to transparency – across our protections, processes, and even potential issues.
Privacy Policy
Contrast is primarily responsible for the management of any PI that you voluntarily provide us and that is used with our affiliates or third parties. We do not provide your information to third parties for marketing purposes without your prior consent. We never sell your data.
Customers can request a list of SaaS third-party licenses at the following email address: rfp@contrastsecurity.com.
Documentation
SOC3 Report
Contrast has been audited against the AICPA SOC standards since November 2016. Contrast’s audit period is April 1 - March 31. You can download a copy of our SOC3 report here.
Security Statement
We follow industry best practices in application, network, and product security to ensure that your data is safe. You can download a copy of our Security Statement here.
Privacy Policy
Contrast is primarily responsible for the management of any PI that you voluntarily provide us and that is used with our affiliates or third parties. View privacy policy.
EoP Software Bill of Materials (SBOM)
At Contrast Security Inc, we are committed to fostering a culture of transparency by providing a Software Bill of Materials (SBOM) for our core products. Our dedication to transparency underscores our unwavering commitment to open communication and accountability. Therefore, we have provided an SBOM for our on-premises solution.
SCA Software Bill of Materials (SBOM)
We prioritize transparency in our SCA product, leveraging SBOMs to provide clear insights into software components. Our commitment ensures customers have a comprehensive understanding of our SCA tool's composition, fostering trust and security.
SAST Software Bill of Materials (SBOM)
In our SAST solution, transparency is key. Our dedication to transparency guarantees that clients possess a thorough comprehension of our SAST tool's third-party dependencies, instilling confidence and fortifying their digital defenses.
Agent Software Bill of Materials (SBOM)
Utilizing our Agent’s SBOMs ensures greater transparency by offering a comprehensive list of all software components and dependencies. This detailed visibility not only helps in pinpointing potential security risks but also builds trust with our customers.
Want to report a security concern?
Please see our Vulnerability Disclosure Policy or email us at security@contrastsecurity.com.