Technical and Organizational Measures

Last updated: November 2025

These measures are implemented to ensure an appropriate level of security for Customer Data. Coralogix will maintain at least these Technical and Organizational Measures (“TOMs”) to protect the security, confidentiality, and integrity of Customer Data across the organization.

These TOMs support Coralogix’s compliance with applicable data protection regulations and its obligations under the Master Subscription Terms, including the Coralogix Data Processing Agreement (“Coralogix DPA”) or any Data Processing Agreement signed between the Parties. These TOMs incorporate the safeguards outlined below, which align with the ISO/IEC 27001 and SOC 2 Type II control frameworks. For more information about Coralogix’s TOMs, please visit our Trust Center.

1. Encryption:

Coralogix implements and maintains encryption both in transit, using TLS 1.2 or above, and at rest, using AES-256.

2. Data Security:

Coralogix maintains segregation of Customer Data from data belonging to other customers in a multi-tenant framework. Segregation of data is implemented logically and physically: logically through a private key per customer, and physically per region.

Coralogix prohibits the transfer and storage of Customer Data on removable media.

3. Vulnerability Management:

Coralogix implements and maintains a vulnerability management program to ensure that relevant systems, applications, and infrastructure are kept up to date with the latest security patches and updates, including ensuring remediations within industry-accepted SLAs.

Coralogix conducts penetration testing at least annually. Qualified independent third-party security firms perform such security assessments in accordance with industry best practices.

Coralogix ensures the integrity of its code through extensive security scanning, including SAST, DAST, and SBOM analysis.

4. Access Controls:

Coralogix uses multi-factor authentication, role-based access controls, and intrusion detection solutions to ensure a level of security commensurate with the risk.

Coralogix conducts access reviews at least quarterly to ensure the continued appropriateness of access rights and to maintain the principle of least privilege.

Coralogix enforces password complexity requirements and password rotation policies.

5. Audits:

Coralogix conducts information security risk assessments at least annually and implements appropriate risk mitigation measures.

Coralogix conducts third-party audits at least annually, including SOC 2 Type 2, ISO 27001, ISO 27701, ISO 27017, ISO 27018, and ISO 42001 audits.

Coralogix conducts self-assessments at least annually to ensure compliance with various regulatory frameworks such as GDPR, CCPA, HIPAA, DORA, AI Act, as well as external standards such as PCI-DSS.

6. Business Continuity and Disaster Recovery:

Coralogix maintains a business continuity and disaster recovery policy to minimize service disruptions and comply with applicable laws. The policy is tested at least annually through table-top exercises.

Coralogix ensures high availability of its services across availability zones. Continuity is achieved by the availability of customer data and the employee workforce.

7. Physical Access Controls:

Coralogix implements and maintains appropriate physical security controls to prevent unauthorized physical access to facilities, systems, and infrastructure that process, store, or transmit Customer Data, including physical access controls and surveillance systems.

8. Awareness and Training:

Coralogix provides an appropriate level of periodic training concerning the organizational security measures and privacy issues to all personnel, as well as additional training to those who have access to Customers’ Confidential Information. Training is conducted upon hiring and at least annually thereafter.

9. Coralogix Data Processing Agreement (“DPA”):

If the customer data encompasses Personal Data, this measure shall also include the provisions stipulated within Coralogix’s DPA. Moreover, in the event that Coralogix becomes aware of a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Customer Data, Coralogix shall promptly inform the Customer without undue delay and within 48 hours of acquiring knowledge of the incident, in accordance with Section 8 of Coralogix’s DPA.