Enterprise-grade security & compliance

Your PMO deals with enough Risk.

At RAIDLOG.com, your security is our top priority. We are committed to safeguarding your data while providing exceptional application performance and a seamless user experience. Here, you will find information on our security practices, policies, and how we protect your information.

If you have a security question or concerns, please report it here.

For PM’s by PM’s

Unmatched End-to End Security

RAIDLOG is hosted exclusively on the Google Cloud Platform (GCP), offering robust, built-in end-to-end security and privacy features. Our team goes above and beyond with proactive measures to maintain a secure infrastructure environment. For more detailed information on GCP security, please visit the Google Cloud Trust Center.

RAIDLOG takes a security-by-design approach to protecting your project data.

 

We build our platform using best practices for highly available, scalable, and secure cloud applications.

RAIDLOG - You aren’t alone

OWASP Top 10

Our company takes application security seriously and uses the OWASP Top 10 as a key framework in our security practices. We have implemented measures to address each of the OWASP Top 10 security risks in our development and operational processes.
This includes:
  1. Regular security assessments and penetration testing by internal teams and third-party experts.
  2. Continuous monitoring and updating of our systems to address newly discovered vulnerabilities.
  3. Secure coding practices and security training for our development team.
  4. Implementation of strong access controls and authentication mechanisms.
  5. Use of encryption for data in transit and at rest.
  6. Regular security patches and updates to all components of our infrastructure.
  7. Robust logging and monitoring systems to detect and respond to potential security incidents.
While no system can guarantee 100% security, we are committed to ongoing improvement and vigilance in protecting our application and our customers’ data against the risks outlined in the OWASP Top 10 and beyond. We also offer options to host privately. Please speak with sales for more information.

Data Privacy & Compliance

RAIDLOG's Data Center location

RAIDLOG is primarily hosted in a US–based Google data center.

EMEA/APAC members: For future European clients, we have a tenant in the Belgium Google data center; This tenant will be enabled to host European enterprises when needed. 

Who owns the data stored in RAIDLOG?

Your privacy is important to us, all data collected and stored follows GDPR compliance. View our Privacy Policy for a complete outline of how RAIDLOG manages and protects your privacy. 

How easy is it to export your data if needed?

The process is simple – reach out to our Support Desk at support@raidlog.com or easily click the green chat box, in the lower right of your screen and submit a support ticket. A member of our team will reach out and complete the process for you.

Friendly Reminder! The ability to export is exclusively available to RAIDLOG Enterprise Tenant Owners only.  

How do we handle data backups and disaster recovery?

RAIDLOG stores all customer data on fully redundant storage systems and utilize a multi-tiered backup approach. Customer data is backed up offsite during a nightly full system backup. 

What encryption methods are used for data at rest and in transit?

 

  • In–Transit Encryption: All data transmitted between clients and our servers is encrypted using Transport Layer Security (TLS), protecting against unauthorized access and tampering. 
  • At–Rest Encryption: Data stored in our application is encrypted using AES–256 encryption. Strict access controls and auditing on GCP ensure only authorized personnel can access data, with all access logged and monitored. 
  •  
How do we handle data breaches or security incidents?

Any security related incidents such as data breaches, compliance issues, or any other complaint or concern should be reported immediately to support@raidlog.com. 

All incidents are tracked by operations management until resolved, and closed incidents are reviewed by operations personnel for appropriate resolution. 

How do we ensure compliance with industry regulations and standards?

Hosting + Infrastructure  

Google Cloud Platform 

RAIDLOG is hosted on the Google Cloud Platform (GCP), leveraging its robust security infrastructure – built-in security features such as automated updates, patching, and workload isolation. 

Secure Development Practices 

RAIDLOG developers manage our source code using  secure coding practices, Multi–Factor Authentication (MFA) for access control, and do not store secrets or credentials in version control. 

Secrets Management 

Sensitive information, like API keys and credentials, is securely stored and accessed through a Secrets Manager. 

Database Security 

Our data is hosted in a database in the Google Cloud Platform, which provides encryption at rest and other security features. 

Authentication + Access Control

Authentication

We utilize the Google Identity Platform for authentication, supporting various methods such as Password, Google, Microsoft, SAML, and OAuth SSO. 

Role-Based Access Control (RBAC)

Implemented on a per–tenant basis, ensuring users have access only to necessary data and functions. 

 

Data Access Control
  • RBAC: Ensures employees have minimal necessary permissions. 
  • Logging and Monitoring: All access and sensitive operations are logged and 
    monitored to detect and respond to unauthorized activities. 
  • Periodic Reviews: Regular access permission reviews to revoke unnecessary access. 
  • Employee Training: Regular security training for employees on best practices and 
    potential threats. 

 

Scalability + Performance

How do we handle scalability for large organizations with multiple projects and teams?

Our infrastructure is built on an auto-scaling hosted infrastructure, so it will automatically expand to consume the resources needed to meet the needs of our customers. We utilize the Google Identity Platform for authentication, supporting various methods such as Password, Google, Microsoft, SAML, and OAuth SSO. 

A.I. Privacy 

Current Features
  • Data is only sent to the AI when the PM initiates it.
  • The only data sent to the AI is whatever the PM put into the project description.
  • Data is encrypted in transmission and at rest in our db.
  • The AI API Platform terms of service state that they will not use this data for training.

    Learn more here: https://openai.com/enterprise-privacy/

Future Features

The future AI features of RAIDLOG will have additional privacy options:

  • These features will always be opt-in. You will be able to enable or disable them for your workspace.
  • Access to RAID items is walled-off by workspace:  other organizations cannot see your RAID items, nor will their AI be ‘educated’ on your data.
  • You will have your choice of multiple AI providers, and our plan is to have at least one of those providers be a sandboxed, private AI.
  • Our technical AI approach does not involve training an AI on your data. We use vector embeddings for semantic similarity searches, then interpret the results (Retrieval Augmented Generation). If you like you can read more about the technology here. To oversimplify, it is like a really smart search engine querying your data. The engine doesn’t know or remember your data, but it can intelligently search and interpret and present that data.

 Please Note! This will be documented more formally when the features are released. 

RAIDLOG

Questions about security or compliance?

 

Keeping our clients’ data secure is an absolute top priority at RAIDLOG.
Our goal is to provide a secure environment, while also being mindful of application performance and the overall user experience. To report a vulnerability or other security concern, please contact us.