Rescale puts compliance and security first in everything we do. We are committed to protecting customer data and following the strictest compliance standards.
Our compliance and security practices are built on three pillars: trust, data sovereignty, and privacy.
Below are the audits we conduct so that customers can trust Rescale to protect their data and their customers’ data.
Rescale has ISO 27001 Certification and completes annual surveillance audits to maintain compliance. ISO 27001 is an international standard for managing information security. The scope of the audit incorporates company and platform security.
Rescale is SOC 2 attested and completes an annual SOC 2 Type 2 audit, including a security penetration test. The SOC 2 report provides a detailed account of the security measures Rescale has in place for both the company and the Rescale Platform.
Rescale has been authorized for FedRAMP at the Moderate impact level. The FedRAMP program provides a standardized approach to information security of cloud products for Federal agencies. The scope of this offering incorporates our government platform and FedRAMP authorized infrastructure.
TISAX (Level 1)
Trusted Information Security Assessment Exchange (TISAX) enables mutual acceptance of Information Security Assessments in the automotive industry. It provides a common assessment and exchange mechanism. TISAX follows the ISO 27001 framework, but Rescale additionally fills out the Level 1 questionnaire.
Star Registry
The CSA STAR Certification is a rigorous third-party independent assessment of the security of a cloud service provider. Rescale submits an annual assessment to the registry.
NIST 800-171 (DFARS)
Defense Federal Acquisition Regulation Supplement (DFARS) provides requirements for protecting the confidentiality of Controlled Unclassified Information (CUI). This maps to the NIST 800-171 framework, which Rescale enforces as part of our standard security practice.
Rescale maintains active registrations under the International Traffic in Arms Regulations (ITAR) to control the export of defense and military-related technologies from the U.S. Rescale ensures that only U.S. “persons” can access their respective systems. Rescale performs its validation check for employees and customers accessing the Rescale ITAR platform.
Export Administration Regulations (EAR) govern the export of “dual-use” items. These items include goods and related technology, including technical data and technical assistance, which are designed for commercial purposes, but which could have military applications, such as computers, aircraft, and pathogens. Rescale supports our customers’ EAR compliance via access controls, auditing, and encryption.
Health Insurance Portability and Accountability Act (HIPAA) is a privacy law that protects health information. Rescale’s existing security controls support HIPAA compliance for customers.
GDPR
Rescale enforces proper technical and organizational measures to ensure compliance with the European Union (EU) General Data Protection Regulation (GDPR).
Rescale signs data processing agreements (DPAs) with Controllers to legitimize data transfer while protecting personal data. DPAs contain EU standard contractual clauses (EU Model Clauses) to legitimize data transfers to outside the EU or European Economic Area where applicable.
The Rescale Platform: Compliance Assured
The Rescale Platform provides a holistic security approach exceeding modern enterprise standards. As a platform, Rescale helps customers flexibly configure their own security environment. Internally, Rescale has a mature security program and operates with security as its top priority.
Rescale is committed to ensuring trust with its customers and is available to discuss any additional security questions at firstname.lastname@example.org.