Diffstat (limited to 'docs/security-and-privacy-design')
-rw-r--r--  docs/security-and-privacy-design/README.md  30
-rw-r--r--  docs/security-and-privacy-design/netdata-agent-security.md  5
2 files changed, 35 insertions, 0 deletions
diff --git a/docs/security-and-privacy-design/README.md b/docs/security-and-privacy-design/README.md
index 2fc6b1263..c6bfd699e 100644
--- a/docs/security-and-privacy-design/README.md
+++ b/docs/security-and-privacy-design/README.md
@@ -211,6 +211,36 @@ Business Associate Agreement (BAA), it is ultimately the responsibility of the h
compliance across all of their operations. Entities should always consult with a legal expert or a HIPAA compliance
consultant to ensure that their use of any product, including Netdata, aligns with HIPAA regulations.
+## SOC 2 Compliance
+
+Service Organization Control 2 (SOC 2) is a framework for managing data to ensure the security, availability, processing integrity, confidentiality, and privacy of customer data. Developed by the American Institute of CPAs (AICPA), SOC 2 is specifically designed for service providers storing customer data in the cloud. It requires companies to establish and follow strict information security policies and procedures.
+
+While Netdata is not currently SOC 2 certified, our commitment to security and privacy aligns closely with the principles of SOC 2. Here’s how Netdata's practices resonate with the key components of SOC 2 compliance:
+
+### Security
+
+Netdata has implemented robust security measures, including infrastructure as code, TLS termination, DDoS protection, and a security-focused development process. These measures echo the SOC 2 principle of ensuring the security of customer data against unauthorized access and potential threats.
+
+### Availability
+
+Netdata's commitment to system monitoring and troubleshooting ensures the availability of our service, consistent with the availability principle of SOC 2. Our infrastructure is designed to be resilient and reliable, providing users with continuous access to our services.
+
+### Processing Integrity
+
+Although Netdata primarily focuses on system monitoring and does not typically process customer data in a way that alters it, our commitment to accurate, timely, and valid delivery of services aligns with the processing integrity principle of SOC 2.
+
+### Confidentiality
+
+Netdata's measures to protect data—such as data encryption, strict access controls, and data isolation—demonstrate our commitment to confidentiality, ensuring that customer data is accessed only by authorized personnel and for authorized reasons.
+
+### Privacy
+
+Aligning with the privacy principle of SOC 2, Netdata adheres to GDPR and CCPA regulations, ensuring the protection and proper handling of personal data. Our privacy policies and practices are transparent, giving users control over their data.
+
+### Continuous Improvement and Future Considerations
+
+Netdata is committed to continuous improvement in security and privacy. While we are not currently SOC 2 certified, we understand the importance of this framework and are continuously evaluating our processes and controls against industry best practices. As Netdata grows and evolves, we remain open to pursuing SOC 2 certification or other similar standards to further demonstrate our dedication to data security and privacy.
+
## Conclusion
In conclusion, Netdata Cloud's commitment to data security and user privacy is paramount. From the careful design of the
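Review bot: "SOC 2 certified" (used in both the intro paragraph and the "Continuous Improvement" subsection) is a misnomer worth fixing before this lands: SOC 2 does not produce a certification, it produces an attestation report (Type I or Type II) issued by an independent CPA firm, so "has not undergone a SOC 2 audit / does not currently have a SOC 2 report" is the accurate wording. The same two paragraphs also repeat the "not currently SOC 2" statement almost verbatim; keep it once. The "Security" and "Confidentiality" subsections list concrete controls (infrastructure as code, TLS termination, DDoS protection, data encryption, strict access controls, data isolation) as bare assertions; since this README already describes Netdata Cloud's infrastructure and access-control measures in earlier sections, link each claim to the section that substantiates it rather than restating it unreferenced. Minor: "Here’s" uses a curly apostrophe while the rest of the file uses ASCII quotes, and the em-dashes in the Confidentiality paragraph can be plain commas to match the surrounding style.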
diff --git a/docs/security-and-privacy-design/netdata-agent-security.md b/docs/security-and-privacy-design/netdata-agent-security.md
index 8cb6a9aa2..f441fe850 100644
--- a/docs/security-and-privacy-design/netdata-agent-security.md
+++ b/docs/security-and-privacy-design/netdata-agent-security.md
@@ -10,6 +10,11 @@ databases, sent to upstream Netdata servers, or archived to external time-series
## User Data Protection
+> **Note**
+>
+> Users are responsible for backing up, recovering, and ensuring their data's availability because Netdata stores data locally on each system due to its decentralized architecture.
+
+
The Netdata Agent is programmed to safeguard user data. When collecting data, the raw data does not leave the host. All
plugins, even those running with escalated capabilities or privileges, perform a hard-coded data collection job. They do
not accept commands from Netdata, and the original application data collected do not leave the process they are
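Review bot: the hunk adds two blank `+` lines after the admonition, which leaves a double blank line before "The Netdata Agent is programmed to safeguard user data."; one is enough and most Markdown linters flag the pair. The note itself reads cause-after-effect; stating the architecture first is clearer: "Because Netdata's decentralized architecture stores data locally on each system, users are responsible for backing up, recovering, and ensuring the availability of their data." Since the surrounding section is about what the Agent does to protect collected data, consider also saying in the note that this responsibility is unchanged when the Agent is connected to Netdata Cloud, so readers do not infer that Cloud provides a backup of the local database.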