Security Compliance

Legal and Security › Security Compliance

Security and trust are top priorities

Grafana Labs maintains high standards of data privacy and security by implementing:

Grafana Labs development includes continuous integration, detailed hange management policies, static code analysis and vulnerability analysis.

Securely store, visualize and alert without the headache of scaling or managing your own monitoring stack.

Grafana Cloud is a fully managed observability platform that makes it easy to collect, analyze and alert on metrics and logs all within Grafana.

Grafana Labs is committed to maintaining the highest standards of data privacy and security. By implementing industry-standard security technologies and procedures, we help protect our customers’ data from unauthorized access, use, or disclosure.

Certifications

SOC 2 Certification

Completing an independent third-party audit with A-LIGN for SOC 2 Certification
Conducted yearly

PCI Security Standards Council

Maintains PCI Compliant through third-party approved scanning vendors (ASV)
Conducted quarterly

Microsoft SSPA

Maintains Microsoft Supplier Security and Privacy Assurance (SSPA) status
Conducted yearly

GDPR Compliant

General Data Protection Regulation Data Processor Agreement (DPA) available and DPO
Requests should be sent to privacy@grafana.com for information

EU-U.S. Privacy Shield Framework

Pending compliance with the EU-U.S. Privacy Shield Framework

Cloud Security Alliance (CSA)

Completed CSA Security Trust Assurance and Risk (STAR) program
Additional certification pending for CAIQ/CCM

‘A’ grade for SSL/TLS

Independent ‘A’ grade for SSL/TLS, and encrypts data at rest and in transit