• EnglishEspañol日本語한국어Português
  • 로그인지금 시작하기

Security guide

Last updated June 15, 2023.

This is supplement to our security policy and serves as a guide to New Relic’s description of its Services, functionalities, and features.

We may update the URLs in this document without notice.

Security Program

New Relic follows "privacy by design" principles as described here: https://docs.newrelic.com/docs/security/security-privacy/data-privacy/data-privacy-new-relic/.

Security Domains

New Relic’s policies and procedures cover industry-recognized security domains such as Endpoint Protection; Portable Media Security; Mobile Device Security; Wireless Security; Configuration Management; Vulnerability Management; Network Protection; Transmission Protection; Password Management; Access Control, Audit Logging & Monitoring; Education, Training, and Awareness; Third Party Assurance; Incident Management; Business Continuity and Disaster Recovery; Risk Management; Data Protection & Privacy; and Service Management Systems.

Security Certifications

New Relic audits its Services against industry standards as described at https://docs.newrelic.com/docs/security/security-privacy/compliance/regulatory-audits-new-relic-services/.

Data Control, Facilities, and Encryption

New Relic provides its customers controls of their data as follows:

  • New Relic's customers can use any number of methods to send data to New Relic's APIs, such as (1) using New Relic's software, (2) using vendor-neutral software that is managed and maintained by a third-party (e.g., OpenTelemetry instrumentation provided by opentelemetry.io, or (3) from third-party systems that customers manage and/or control.
  • New Relic's customers can use New Relic's Services such as NerdGraph to filter out and drop data. See Drop data using nerdgraph.
  • New Relic's customers can adjust their data retention periods as appropriate for their needs. See Adjust retention.
  • New Relic's capabilities obfuscate numbers that match known patterns, such as bank card and social security numbers as described in our log management security documentation. Customers that meet certain requirements can obfuscate their data as described here.
  • New Relic honors requests to delete personal data in accordance with applicable privacy laws. Please see https://docs.newrelic.com/docs/security/security-privacy/data-privacy/data-privacy-new-relic/.
  • Customers may use New Relic's APIs to query data, such as NerdGraph described here, and New Relic Services to export the data to other cloud providers. Customers that meet certain requirements can export their data as described here and here.
  • Customers can configure their log forwarder; see this before sending infrastructure logs to New Relic.
  • For New Relic Customers in New Relic's AWS US, FedRAMP and HIPAA-enabled environments, Customer Data is replicated via Amazon Simple Storage Service (S3). For Customers in New Relic's Azure US environment, Customer Data is replicated via Azure storage to the off-site backup system via Amazon Simple Storage Service (S3).

Category of Customer

Description

FedRAMP

HIPAA-enabled

US Gen Pop

EU Gen Pop

Data is stored in Amazon Web Services (“AWS”).

Limited

*Data is stored in Azure.

Limited

Data is stored in IBM

Data for New Relic incident intelligence is stored in Google Cloud

New Relic regularly tests, assess, and evaluates its measures to ensure the security of processing using industry-recognized standards and uses independent third-party auditors as provided below:

Annual SOC 2 Type 2

Annual FedRAMP assessment by an independent third-party pursuant to NIST 800-53 rev 4 Moderate authorization.

Annual HITRUST-validated assessment by an independent third-party *Pursuing CY2021 Q4

ISO 27001

TISAX

Law Enforcement Request Report

New Relic has not to date received any request for customer data from a law enforcement or other government agency (including under any national security process), and has not made any corresponding disclosures.

Copyright © 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.