Splunk

ISO 27017:2015 cloud security certification validating cloud-specific security controls for Splunk Cloud Platform. Annual surveillance audits cover cloud service provider responsibilities and implementation guidance for secure cloud operations.

ISO 27018:2019 certification validating personal data protection in Splunk's cloud services with annual surveillance audits covering privacy controls and data protection measures for cloud-based personally identifiable information processing.

SOC 1 Type II report validating financial reporting controls with independent audit of operational effectiveness for Splunk Cloud SOAR services. Report provides assurance on controls relevant to user entities' internal control over financial reporting.

Splunk Cloud Platform maintains SOC 2 Type II certification with independent third-party audits validating security, availability, and confidentiality controls. Annual report covers access controls, system monitoring, data protection, and incident response procedures across all Splunk cloud services including Splunk Cloud, Observability Cloud, and SOAR platforms.

Comprehensive Disaster Recovery Plan reviewed and approved by management annually with annual testing. Plan includes cross-region disaster recovery capabilities, triple data replication, data backup systems, and documented recovery procedures to manage significant disruptions to Splunk Cloud operations.

Splunk Incident Response Framework (SIRF) establishing comprehensive procedures for preparing and responding to security incidents. Framework includes responsive actions, consequence remediation, lessons learned documentation, and continuous improvement processes with regular testing through planned reviews and live simulations.

Comprehensive privacy policy outlining data collection, processing, sharing, and protection practices for Splunk services. Policy covers GDPR compliance, data subject rights, data deletion on request, and global privacy requirements with dedicated Privacy Center for customer access.

Security vulnerability disclosure program encouraging security researchers to report vulnerabilities through Splunk's Advisory page. Program includes clear submission guidelines, scope definition, and coordinated disclosure process for vulnerability management across all Splunk products and services.

Cloud Security Alliance Consensus Assessments Initiative Questionnaire documenting Splunk's cloud security controls and practices. Standardized questionnaire enables customers to assess Splunk's cloud security posture and compliance with CSA Cloud Controls Matrix framework.

Splunk maintains cyber insurance coverage providing financial protection and incident response resources for security events. Insurance supports breach response, recovery costs, and business continuity during cybersecurity incidents.

Advanced Encryption Standard (AES) 256-bit encryption for data at rest across Splunk Cloud Platform. Encryption available as premium service enhancement for customers requiring enhanced data protection compliance and regulatory requirements.

Comprehensive Data Processing Addendum (DPA) available for Splunk customers with regional variants for EEA/UK/Swiss (with GDPR data transfer mechanisms) and U.S. state law compliance. Electronic signature process with executed copies provided to designated signatories, updated August 2024.

Logical data separation enforced across Splunk Cloud environments with customer stacks logically separated from each other. Virtualization at server, storage, and network layers ensures strict separation for each customer instance with multi-tenant architecture maintaining data isolation.

Splunk personnel with access to customer content undergo background checks in accordance with legal requirements, commensurate to job duties. Personnel activity is logged and monitored for all support and professional services accessing customer data or systems.

Enterprise-grade identity and access management with least privilege principle, role-based access controls, and multi-factor authentication (2FA) required for remote access. Supports SSO integrations (SAML v2) with Okta, Azure AD, PingFederate, and other compliant identity providers.

FedRAMP Moderate authorization for Splunk Cloud Platform enabling federal agency adoption with NIST 800-53 moderate baseline controls. Authorization validates security controls through independent third-party assessment for processing federal moderate impact data.

HIPAA Business Associate Agreement support for healthcare customers processing Protected Health Information (PHI) through Splunk Cloud Platform. Splunk implements technical and organizational safeguards, breach notification procedures, and regulatory compliance controls for healthcare data protection.

Host-based intrusion detection system logging attempted access and providing automatic alerts to trigger incident management procedures. Splunk collects log, event, and sensor-based data for continuous monitoring, detection, and investigation of suspicious activity across all cloud environments.

PCI DSS compliance certification validating secure handling of payment card information across Splunk services. Third-party assessment covers network security, access controls, encryption, and monitoring requirements for protecting cardholder data environments.

Annual information security awareness training required for all Splunk employees with ongoing security campaigns on phishing, social engineering, and key security topics. Training program aligned with industry best practices and regulatory requirements.

24x7x365 Security Operations Center (SOC) providing continuous security monitoring with Detection and Monitoring Operations team ensuring confidentiality, integrity, and availability of Splunk services through security event triage, threat hunting, threat intelligence, and incident support.

Public system status page providing real-time visibility into Splunk service availability and performance across all products. Includes historical uptime data, incident reporting, and maintenance window notifications for proactive service monitoring.

Comprehensive Vendor Risk Management program conducting security due diligence and risk assessments of third-party vendors prior to onboarding. Ongoing vendor monitoring using risk-based approach with written agreements imposing security, confidentiality, and privacy obligations aligned with Splunk's risk profile and regulatory requirements.

Industry-standard SSL/TLS 1.2+ encryption for all data in transit across Splunk Cloud Platform. All forwarders, user sessions, and electronic messaging secured with Transport Layer Security with opportunistic TLS encryption on email gateways.

TX-RAMP Level 2 authorization validating Splunk's cloud security controls for Texas state agencies. Independent third-party assessment covers security, privacy, and compliance requirements for serving Texas government entities.

Comprehensive Threat and Vulnerability Management program continuously monitoring for vulnerabilities through vendor acknowledgments, security researcher reports, internal vulnerability scans, Red Team activities, and personnel identification. Threats ranked by severity and assigned for remediation.

Web Application Firewall (WAF) monitoring web traffic and detecting anomalies across Splunk cloud infrastructure. Firewalls configured to prevent unauthorized access with privileged firewall access restricted to authorized personnel only.

Annual third-party penetration testing conducted by external security vendors on Splunk's corporate and cloud environments to detect network and application security vulnerabilities. Critical findings are evaluated, documented, and remediated with additional internal penetration testing performed periodically throughout the year.