
Red Canary Trust Center

We earn your trust by doing what we say—and sharing it with proactive transparency. This is your source for Red Canary’s security, compliance, privacy, and system availability.


We leverage people, process, and technology to deliver a robust security program in both our product and corporate environments.


We build a complete program by using the scaffolding from well-known frameworks. And third-party auditors provide assurance for our stakeholders.


Our privacy program provides transparency on how we collect, use, disclose, transfer, and store customer information.


Use our status page to get ongoing visibility into the uptime of our product offerings.


To be your security ally, trust has to come first. Red Canary earns and maintains your trust by implementing a comprehensive security program, actively managing and reducing risks, and leveraging third parties to hold up a mirror for improvement. We win when you win.

— Robb Reck, Chief Trust Officer

Make us better with the Vulnerability Disclosure Program

Trust is a two-way street. If something catches your eye, we want to know about it. Visit the Vulnerability Disclosure Program to learn more about how you can disclose potential vulnerabilities to us.

Red Canary's Product Security team infuses security into the entire software development lifecycle, from architecture to production.


Developer Security Training


We provide ongoing courses to our developers that improve their understanding of common attacks, frameworks, and mitigation techniques for our products.


Design Reviews


We have a strong collaboration effort between the Engineering teams and Product Security to assess and develop design patterns that mitigate risk to the platform and associated applications and services.


Automated Application Security Testing


We leverage automation tools to test our products in both a runtime and development state to discover vulnerabilities before they go live.


Security Risk Assessments


We conduct security assessments at the outset of a project, including evaluating inherent security controls, compliance, and privacy considerations. Any deviations from Red Canary’s standards require a risk treatment plan before any work begins.


Penetration Testing


We engage with third parties to perform manual security tests of our products. These tests are performed no less than annually. This security testing uncovers more complex security flaws that may not be caught by automated tooling, including business logic abuse.

Our dedicated internal security team works to continuously improve our threat-mitigation practices to protect Red Canary infrastructure.

  • Zero Trust: Our Corporate Security team provides verifiably secure, frictionless access to the right systems at the right time. Zero Trust ensures multiple contextual data points are evaluated to provide secure access to systems.
  • Threat Management: Red Canary’s threat modeling framework ensures appropriate security controls are in place to mitigate risks on corporate systems.
  • Vulnerability Management: This collaborative effort between system owners and corporate security identifies and remediates vulnerabilities in line with our policy and compliance frameworks.
  • Corporate Security Testing: We emulate attackers to test the effectiveness of our corporate controls. This uncovers vulnerabilities and allows us to identify issues long before an adversary does.
Governance Framework to Enable the Business

Our governance framework keeps corporate activities aligned to Red Canary’s number one objective: being a security ally to our customers. The keys to accomplish this include business resiliency, ethics, and management controls to drive accountability and results. 

Adaptive Security Risk Management

Our security risk management framework sets out the guiding principles and establishes roles and accountability for managing, monitoring, and improving the risk management practice within Red Canary. The program is adaptive to reflect the changing internal and external environment, as well as technology advancements.

Compliance at Red Canary

Red Canary implements security policies based on industry best practices and regularly conducts internal and external audits, attestations, and third-party security assessments. Attestations and certifications associated with products and services are available here.

View our latest security certifications

Third-party assured to earn your trust

Red Canary models its security program around industry best practices and internationally recognized security and privacy frameworks. Red Canary is SOC 2 Type II attested and ISO 27001:2013 certified, with accredited third-party assessments held annually at a minimum. Additionally, our dedicated in-house security teams keep us in compliance with appropriate frameworks and data privacy regulations.

ISO/IEC 27001

ISO 27001 provides a holistic, risk-based approach to security and a comprehensive and measurable set of information security management practices.


SOC 2 (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a cloud service.

ISO/IEC 27701

ISO 27701, published in 2019, is an extension to ISO 27001 and 27002 for privacy information management requirements and guidelines.


JOSCAR (the Joint Supply Chain Accreditation Register) is a collaborative tool used by the aerospace, defense, and security industry to act as a single repository for pre-qualification and compliance information.

If you are a customer or in the process of becoming a customer, you can request a copy of these reports by emailing 

Trust issues: Proactive transparency drives good business
Trust issues: Building a strong foundation in an ever-changing field
Trust issues: The two sides of Say:Do