Last updated September 17, 2021.
This is a supplement to our security policy and serves as a guide to New Relic’s description of its Services, functionalities, and features.
Tip
We may update the URLs in this document without notice.
Security Program
New Relic follows "privacy by design" principles as described here: https://docs.newrelic.com/docs/security/security-privacy/data-privacy/data-privacy-new-relic/.
Security Domains
New Relic’s policies and procedures cover industry-recognized security domains such as Endpoint Protection; Portable Media Security; Mobile Device Security; Wireless Security; Configuration Management; Vulnerability Management; Network Protection; Transmission Protection; Password Management; Access Control, Audit Logging & Monitoring; Education, Training, and Awareness; Third Party Assurance; Incident Management; Business Continuity and Disaster Recovery; Risk Management; Data Protection & Privacy; and Service Management Systems.
Security Certifications
New Relic audits its Services against industry standards as described at https://docs.newrelic.com/docs/security/security-privacy/compliance/regulatory-audits-new-relic-services/.
Data Control, Facilities, and Encryption
- New Relic's customers can send data to New Relic's APIs by (1) using New Relic's software, (2) using vendor-neutral software that is managed and maintained by a third party, such as via OpenTelemetry instrumentation provided by opentelemetry.io, or (3) from third-party systems that customers manage and/or control.
- New Relic's customers can use New Relic's Services such as NerdGraph to filter out and drop data. See https://docs.newrelic.com/docs/telemetry-data-platform/manage-data/drop-data-using-nerdgraph/.
- New Relic's customers can adjust their data retention periods as appropriate for their needs. See https://docs.newrelic.com/docs/telemetry-data-platform/manage-data/manage-data-retention/#adjust-retention.
- New Relic's log management capabilities obfuscate numbers that match known patterns, such as bank card and social security numbers as described in our log management security documentation.
- New Relic honors requests to delete personal data in accordance with applicable privacy laws. Please see https://docs.newrelic.com/docs/security/security-privacy/data-privacy/data-privacy-new-relic/.
- Customers may use New Relic's APIs to query data, such as NerdGraph described here, and New Relic Services to export the data to other cloud providers.
- Customers can configure their log forwarder [https://docs.newrelic.com/docs/logs/enable-log-management-new-relic/enable-log-monitoring-new-relic/forward-your-logs-using-infrastructure-agent/] before sending infrastructure logs to New Relic.
- For New Relic Customers in New Relic US, FedRAMP and HIPAA-enabled environments, Customer Data is replicated to the off-site backup system via Amazon Simple Storage Service (S3).
Category of Customer |
---|
Description |
Data is stored in Amazon Web Services (“AWS”). |
Data is stored in IBM |
Data for New Relic incident intelligence is stored in Google Cloud |
New Relic regularly tests, assesses, and evaluates its measures to ensure the security of processing using industry-recognized standards and uses independent third-party auditors as provided below: |
Annual SOC 2 Type 2 |
Annual FedRAMP assessment by an independent third-party pursuant to NIST 800-53 rev 4 Moderate authorization. |
Annual HITRUST-validated assessment by an independent third-party *Pursuing CY2021 Q4 |
ISO 27001 |
TISAX |
- The Services that operate on Amazon Web Services (“AWS”) are protected by the security and environmental controls of AWS. Detailed information about AWS security is available at https://aws.amazon.com/security/ and http://aws.amazon.com/security/sharing-the-security-responsibility/. Data encryption at rest utilizes FIPS 140-2 compliant encryption methodology. For AWS SOC Reports, please see https://aws.amazon.com/compliance/soc-faqs/.
- The Services that operate on Google Cloud Platform ("GCP") are protected by the security and environmental controls of GCP. Detailed information about GCP security is available at https://cloud.google.com/docs/tutorials#security. For GCP reports, please see https://cloud.google.com/security/compliance/.
- IBM
- Deft
- Zayo
- QTS
Law Enforcement Request Report
New Relic has not to date received any request for customer data from a law enforcement or other government agency (including under any national security process), and has not made any corresponding disclosures.