Security and Compliance Security and privacy is core to ChaosSearch

Secure, instant access to data at scale is the core mission of ChaosSearch. Security has been a core tenet of our architecture and culture from day one. ChaosSearch employs encryption of data at all times layering on the security of the cloud to ensure security and control lies with the customer.  

We are continually investing in our security program and we have ingrained these principals deeply into our culture as we build, operate, and deploy new features for our customers and partners.

SOC

SOC 2

ChaosSearch has completed our SOC 2 Type 1 examination for the Security, Availability, and Confidentiality trust service principles for ChaosSearch. This SOC 2 report assures our customers that we have designed and implemented sufficient security controls defined by the American Institute of Certified Public Accountants (AICPA) in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy. A copy of this report is available to our prospects and customers under an NDA. Please reach out to your account manager or email sales@chaossearch.io to schedule a discussion to review.

HIPAA

ChaosSearch has designed its control environment to satisfy the requirements of the Security Rule of the Health Information Portability and Accountability Act (HIPAA). Where applicable as a non-health services provider, the design of controls implemented to achieve the criteria of the relevant AICPA trust services principles, detailed within our SOC 2 report, is intended to satisfy HIPAA requirements. ChaosSearch can enter into a Business Associate Agreement (BAA) with our customers as well as explore any other custom Data Privacy Agreements.

HIPAA
GDPR

GDPR

ChaosSearch is committed to complying with the EU General Data Protection Regulation (GDPR) as well as helping our customers ensure their compliance with these regulations such as the "Right to be Forgotten." GDPR helps to strengthen and standardize user data privacy across the EU and any business that could potentially handle EU resident personal data no matter the locality of the company. Review our full GDPR statement here.

Credit card and payment information

ChaosSearch is not a payment processor and partners with 3rd Party PCI-certified vendors for customer credit card processing.

Responsible disclosure

If you encounter a security issue with the ChaosSearch Platform, please report it to us at security@chaossearch.io. We take all reports of security issues and potential vulnerabilities very seriously and work to resolve these issues as soon as possible. Please note that it is against the ChaosSearch Acceptable Use Policy to run security scanning tools against the platform.

CCSecurity