Rapid7 Trust

Compliance

Rapid7 strives to maintain a world-class security program driven by a blend of published standards and industry best practices.

SOC 2 Type II

Rapid7 undergoes a SOC 2 Type II audit annually to ensure the effectiveness of controls relevant to security.

EU General Data Protection Regulation (GDPR)

The European Union’s (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. GDPR imposes obligations on the processing, storage, and transmission of personal data of individuals residing in the EU. With customers around the world, Rapid7 has implemented controls across our organization to achieve and maintain compliance with this regulation.

Rapid7 has appointed a Data Protection Officer, who is reachable at privacy@rapid7.com, and our Data Processing Addendum has been incorporated into our standard contracts. For more information please review our Privacy Policy.

EU-U.S. Privacy Shield Framework

Rapid7 participates in and has certified compliance with the EU-U.S. Privacy Shield Framework. Rapid7 is responsible for the processing of personal data it receives under the Privacy Shield Framework, and for subsequent transfers to a third party acting as an agent on its behalf. Rapid7 complies with the Privacy Shield Principles for all transfers of personal data from the European Economic Area (“EEA”), including the onward transfer liability provisions. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act (SOX) was enacted by the United States Congress in 2002 to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures. Rapid7 is a publicly traded company and undergoes SOX audits on an annual basis to ensure our internal control system is well structured and operating effectively.


Insight platform cloud infrastructure provider

Our Insight platform cloud infrastructure provider continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. We review our infrastructure provider’s relevant reports as part of our vendor management program and audit process. If you would like to access these reports, including SOC 2, SOC 3, the FedRAMP Partner Package, and the ISO 27001:2013 Statement of Applicability (SoA), we can direct you to these documents through our service provider.