Trust

Lacework is committed to security and privacy in our offerings

Security is embedded in everything we do — from design to development to continuous monitoring in production. Lacework is committed not only to helping its customers secure their information systems, but also to the security of its own systems and the data entrusted to it by its customers and partners.

Security

Lacework values customer trust and is committed at all levels to the privacy of customer data. Lacework focuses on building processes, technology, andLacework maintains a global best in practice information security program. We built our program on several industry standards including ISO 27001, SOC 2, and NIST 800-53. The program is focused on managing risk as a continuous cycle in order to continuously evaluate effective security controls and quickly detect and respond to incidents in order to maintain a healthy operating risk posture for Lacework and its customers’ data.

Lacework Security and Privacy Standard

Privacy

Lacework values customer trust and is committed at all levels to the privacy of customer data. Lacework focuses on building processes, technology, and policies to ensure its privacy practices are aligned with the expectations of its customers and global privacy laws. We conform to standard privacy practices under GDPR, and EU/US Data Privacy Framework, UK Extension, and Swiss/US Data Privacy Framework, in addition to using Standard Contractual Clauses for transfers of data outside of the EU, and CCPA. To learn more, please visit our legal information page.

Compliance

Lacework’s information security and privacy programs are based on industry standards including SOC 2, ISO 27001, and NIST 800-53. In addition to our internal compliance programs, Lacework undergoes annual SOC 2 Type II audits performed by an independent auditor. The most recent SOC 2 report is available through your account manager.

Availability

Our cloud infrastructure takes advantage of cloud-native features like auto-scaling, and infrastructure redundancy to reduce latency, increase reliability, and scale with your organization’s needs. Lacework has historically maintained an SLA of 99.99% uptime. We strive to ensure that Lacework is available when you need it and always monitoring your systems. Real-time status and historical availability information is available at https://status.lacework.net.

Responsible Disclosure

Lacework believes in the responsible disclosure of vulnerabilities. If you believe that you have identified a vulnerability in Lacework’s products, infrastructure, or service, please submit it through Lacework’s HackerOne program at https://hackerone.com/lacework. If you believe that there has been a breach of Lacework’s systems, please email security-(at)-lacework.com with as much information as possible.