Chronosphere is committed to the security of your data.
We use best-in-class security technologies, policies, and controls to ensure a culture of security. We embed security into our system design and processes from the start.
Chronosphere is SOC 2 Type 2 and ISO 27001 audited. To request our report, please reach out to your assigned account manager
Chronosphere follows the least access principle when provisioning access to employees. Only the required permissions, and with approval, are provided to employees
Quarterly user access reviews are conducted for production systems. Upon leaving, access is removed, and any workstations are returned and securely wiped
All customer data is encrypted at rest and in transit using industry-standard encryption protocols such as TLS 1.2 or higher and AES 256
Chronosphere securely manages all encryption keys and access to encryption keys follows the least access principles, consistent with SOC 2 controls and ISO 27001 requirements
Security is an integral component in our architecture and development processes and is always built in from the start, rather than bolted on afterwards.
All pull requests are required to go through code reviews, dependency analysis, and combination of automated and manual testing.
Chronosphere conducts vulnerability scanning and external penetration tests on a regular basis. All findings are documented, reviewed, and remediated according to our internal standards. Vulnerability assessments are available upon request
Chronosphere requires all applicable third-parties to undergo a security and privacy review upon onboarding and on a regular cadence thereafter
Data security is a top priority for Chronosphere, and the organization believes that working with skilled security researchers can identify weaknesses in any technology.
If you believe you’ve found a security vulnerability in Chronosphere’s service, please do not hesitate to notify us; we will work with you to resolve the issue promptly.