Security Compliance

Legal and Security › Security Compliance

Security and trust are top priorities

Grafana Labs maintains high standards of data privacy and security by implementing:

  • Life Cycle Management of Users (LCM) which include Security Training
  • Best practices for internal Data Loss Protection (DLP)
  • Multi-factor authentication (MFA/2FA)
  • Regular infrastructure vulnerability assessments
  • Independent third-party penetration testing and independent audits

Grafana Labs development includes continuous integration, detailed change management policies, static code analysis and vulnerability analysis.

Securely store, visualize and alert without the headache of scaling or managing your own monitoring stack.

Grafana Cloud is a fully managed observability platform that makes it easy to collect, analyze and alert on metrics and logs all within Grafana.

Grafana Labs is committed to maintaining the highest standards of data privacy and security. By implementing industry-standard security technologies and procedures, we help protect our customers’ data from unauthorized access, use, or disclosure. View our Trust Portal to access our security reports, certifications and attestations.


ISO 27001

Certified through an independent third-party audit with A-LIGN for ISO 27001.

SOC 2 Type 2 Certification

Certified through an independent third-party audit with A-LIGN for SOC 2.

PCI Security Standards Council

Maintains PCI Compliance through third-party approved scanning vendors for the Grafana Labs corporate environment for client payment processing.


General Data Protection Regulation Data Processor Agreement (DPA) available.
Requests should be sent to for information.

Cloud Security Alliance (CSA)

Completed CSA Security Trust Assurance and Risk (STAR) program.
Cloud Security Alliance Registry