Rapid7 Trust

Compliance

Rapid7 strives to maintain a world class security program driven by a blend of published standards and industry best practices.

SOC 2 Type II

Rapid7 undergoes a SOC 2 Type II audit annually to ensure the effectiveness of controls relevant to security.

EU General Data Protection Regulation (GDPR)

The European Union’s (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. GDPR imposes new obligations in relation to the processing, storage, and transmission of personal data of individuals residing in the EU. With customers around the world, Rapid7 has implemented controls across our organization to achieve and maintain compliance with this new framework.

Rapid7 has appointed a Data Protection Officer, who is reachable at privacy@rapid7.com, and our Data Processing Addendum has been incorporated into our standard contracts. For more information please review our Privacy Policy.

For information on personal data transfers and Brexit, please read our statement.

EU-U.S. Privacy Shield Framework

Rapid7 participates in and has certified compliance with the EU-U.S. Privacy Shield Framework. Rapid7 is responsible for the processing of personal data it receives under the Privacy Shield Framework, and for subsequent transfers to a third party acting as an agent on its behalf. Rapid7 complies with the Privacy Shield Principles for all transfers of personal data from the European Economic Area (“EEA”), including the onward transfer liability provisions. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act (SOX) was enacted by the United States Congress in 2002 to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures. Rapid7 is a publicly traded company and undergoes SOX audits on an annual basis to ensure our internal control system is well structured and operating effectively.

Amazon Web Services (AWS) Security Competency

Achieving the Amazon Web Services (AWS) Security Competency differentiates Rapid7 as an AWS Partner Network (APN) member that offers specialized software designed to help organizations adopt, develop and deploy complex security projects on AWS. To receive the designation, APN partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.

ISO 27001 (Schellman)

ISO 27001 is an international standard for effectively managing information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again in 2022. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).

Rapid7’s ISMS is ISO 27001 certified. The ISO 27001 certification process includes a rigorous audit conducted by a third party. Rapid7’s ISMS was audited by Schellman. Certified organizations must undergo annual audits to maintain compliance.

Insight platform cloud infrastructure provider

The Rapid7 Insight cloud infrastructure is hosted in AWS. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. We review Amazon’s relevant reports as part of our vendor management program and audit process. If you would like to access Amazon’s reports, including SOC 2, SOC 3, FedRAMP Partner Package, and ISO 27001:2013 SoA, we can direct you to these documents through the AWS Artifact website.