Regulatory audits for New Relic services

This document describes New Relic's products and services as they relate to regulatory framework compliance status.

New Relic's supported regulatory frameworks and annual audit time frames follow:

  • SOC2 Type 2 audit: Reviews New Relic's implementation and maintenance of controls for the previous 12 months. The annual audit spans August 1 of the previous year through July 31 of the current year (for example, August 1, 2019 through July 31, 2020).
  • FedRAMP Agency (Moderate): Reviews New Relic's implementation and maintenance of NIST 800-53 rev 4 controls for the previous 12 months. The annual audit spans November 28 of the previous year through November 28 of the current year (for example, November 28, 2019 through November 28, 2020).

Audits

In the following table:

  • A check [check icon] indicates the SOC2 or FedRAMP authorized service was included in the most recent FedRAMP annual audit.
  • An information circle icon [info-circle icon] indicates the service will be included in upcoming annual audits and assessments.
  • A caution icon [caution icon] indicates the service is on the roadmap for regulatory framework compliance at a timeframe to be determined.

| New Relic service | SOC2 | FedRAMP Moderate (Agency level ATO) |
|---|---|---|
| Alerts | [check icon] | [check icon] |
| APM (plus language agents) | [check icon] | [check icon] |
| Browser | [check icon] | [check icon] |
| Incident Intelligence (AI) | [caution icon] | [caution icon] |
| Insights | [check icon] | [check icon] |
| Infrastructure | [check icon] | [check icon] |
| Logs | [info-circle icon] | [info-circle icon] |
| Metrics | [info-circle icon] | [info-circle icon] |
| Mobile | [check icon] | [check icon] |
| New Relic One | [check icon] | [check icon] |
| Plugins | [check icon] | [check icon] |
| Proactive Detection (AI) | [info-circle icon] | [info-circle icon] |
| Synthetics | [check icon] | [check icon] |
| Serverless | [info-circle icon] | [info-circle icon] |
| Traces | [info-circle icon] | [info-circle icon] |

Customer risk management

All New Relic services are intended to be covered by New Relic's compliance programs. However, a new service may not be covered by one or more of our compliance programs at any given time throughout the year. This depends primarily on when the service achieved General Availability (GA) status and on the timing of the specific compliance program's annual authorization, certification, or assessment.

You can use any New Relic service regardless of its compliance program status. However, if a service is not yet in scope of New Relic's compliance programs, we encourage you to consider your risk appetite in the decision to use the specific New Relic product or service.

If you choose to use New Relic services that are not yet in New Relic's compliance program scope, you assume the responsibility to review, understand, and risk manage security controls as you deem appropriate. You also have the option to wait for New Relic to authorize these services before you use them.
