New Relic has always taken security seriously, and we know that our users do, too. So to help you understand exactly how we protect your data, and in the spirit of transparency, we recently created a new, easier-to-read-and-understand security whitepaper laying out our security practices.
The document, Security Information & Policies, is available on the New Relic Security Overview page and is designed to make our approach to security as clear as possible. It provides a high-level overview of the New Relic Security Program and Practices, addressing the most common concerns New Relic customers and potential customers might have about security and privacy, and outlines some of the security controls available within New Relic services.
Specifically, the document covers top-level information on:
- What kinds of data are collected by our various products and services
- Information about our secure tier 3 SSAE 16 certified data center
- How we protect and encrypt the data we collect
- Special considerations for European Union customers, including our E.U. Safe Harbor Certification
- Details on our application security program
- Our security policies, which cover a wide variety of areas and are updated annually
- Our security audits and certifications, including SOC 2 Type II audits and membership in the Cloud Security Alliance (CSA) and Security, Trust & Assurance Registry (STAR) self-assessment
- User management policies, including password, roles of authorized users, and account management
- How to configure New Relic’s security settings for transaction traces and agents, including Enterprise Security mode
- Our disaster recovery planning, which is updated annually
- Compliance issues for PCI-compliant and HIPAA environments—including High Security Mode
The document is a great way to get a quick, not-super-technical introduction into how New Relic deals with security. For even more on our security initiatives, see New Relic Joins Cloud Security Alliance to Promote SaaS Security.