Security at TestRelic

Your data security is our top priority

Infrastructure Security

  • Hosted on AWS with multi-region redundancy
  • Enterprise-grade data center infrastructure
  • Network isolation with VPC and security groups
  • DDoS protection via AWS Shield and CloudFlare
  • Regular infrastructure security audits

Data Protection

  • Encryption at Rest: AES-256 encryption for all stored data
  • Encryption in Transit: TLS 1.3 for all data transmission
  • Key Management: AWS KMS with automatic key rotation
  • Data Backup: Automated daily backups with 30-day retention
  • Data Deletion: Secure deletion with verification

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) required for all employees
  • SSO/SAML integration for Enterprise customers
  • Least privilege access principle
  • Regular access reviews and audits

Application Security

  • Secure development lifecycle (SDL)
  • Code review and static analysis
  • Dependency scanning and vulnerability management
  • OWASP Top 10 mitigation
  • Regular penetration testing by third-party security firms

Monitoring and Incident Response

  • 24/7 security monitoring and alerting
  • Intrusion detection and prevention systems (IDS/IPS)
  • Centralized logging with retention
  • Incident response plan and team
  • Security incident notification within 72 hours

Employee Security

  • Background checks for all employees
  • Security awareness training
  • Confidentiality agreements (NDAs)
  • Secure device management (MDM)
  • Physical security at office locations

Vendor Management

  • Security assessment of all third-party vendors
  • Data processing agreements (DPAs)
  • Regular vendor security reviews
  • Subprocessor transparency

Bug Bounty Program

We run a private bug bounty program with HackerOne. Security researchers can report vulnerabilities and receive rewards for valid findings.

Report security issues to: security@testrelic.co

Security Documentation

For Enterprise customers, we provide:

  • Security audit reports
  • Penetration test reports
  • Security questionnaire responses
  • Data processing agreements (DPAs)

Contact

For security inquiries or to report a vulnerability:
security@testrelic.co