SOC 2 Type II
Rapid7 undergoes a SOC 2 Type II audit annually to ensure the effectiveness of controls relevant to security.

EU General Data Protection Regulation (GDPR)
The European Union’s (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. GDPR imposes new obligations in relation to the processing, storage, and transmission of personal data of individuals residing in the EU. With customers around the world, Rapid7 has implemented controls across our organization to achieve and maintain compliance with this new framework. For information on personal data transfers and Brexit, please read our statement.

EU-U.S. Privacy Shield Framework
Rapid7 participates in and has certified compliance with the EU-U.S. Privacy Shield Framework. Rapid7 is responsible for the processing of personal data it receives under the Privacy Shield Framework, and subsequent transfers to a third party acting as an agent on its behalf. Rapid7 complies with the Privacy Shield Principles for all transfers of personal data from the European Economic Area (“EEA”), including the onward transfer liability provisions. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act (SOX) was enacted by the United States Congress in 2002 to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures. Rapid7 is a publicly traded company and undergoes SOX audits on an annual basis to ensure our internal control system is well structured and operating effectively.

Amazon Web Services (AWS) Security Competency
Achieving the Amazon Web Services (AWS) Security Competency differentiates Rapid7 as an AWS Partner Network (APN) member that offers specialized software designed to help organizations adopt, develop and deploy complex security projects on AWS. To receive the designation, APN partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.

ISO 27001 by Schellman
ISO 27001 is an international standard for effectively managing information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again in 2022. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Rapid7’s ISMS is ISO 27001 certified. The ISO 27001 certification process includes a rigorous audit conducted by a third party. Rapid7’s ISMS was audited by Schellman. Certified organizations must undergo annual audits to maintain compliance.

OneTrust Risk Exchange Member
Rapid7 is now recognized as a OneTrust Risk Exchange Member. You can access our Public Profile here to download applicable documents that require no NDA. If you require additional access to download the Rapid7 SOC 2 Type II report and other vital documents, contact your Rapid7 account representative, who will submit a ticket on your behalf to have access provisioned for you. This will allow you to create a OneTrust account and give you access to the platform for 5 business days to download all applicable documents.

IRAP Assessment Certified
Rapid7 has successfully completed an Information Security Registered Assessors Program (IRAP) assessment to PROTECTED Level for several of our Insight Platform solutions. To request Rapid7 IRAP-related documents for review, contact your Rapid7 account representative, who will submit a ticket on your behalf and share the applicable IRAP document with you.

The Rapid7 Insight cloud infrastructure is hosted in AWS. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. We review Amazon’s relevant reports as part of our vendor management program and audit process. If you would like to access Amazon's reports, including SOC 2, SOC 3, FedRAMP Partner Package, and ISO 27001:2013 SoA, we can direct you to these documents through the AWS Artifact website.