Technical and Organizational Measures
Last updated: January 2026
These Technical and Organizational Measures (“TOMs”) are implemented in connection with the provision of the Services to ensure an appropriate level of security for Customer Data. Coralogix maintains the TOMs to protect the security, confidentiality, and integrity of Customer Data processed as part of the Services.
These TOMs support Coralogix’s compliance with applicable data protection regulations and its obligations under the Master Subscription Terms, including the Coralogix Data Processing Agreement (“Coralogix DPA”). The TOMs are aligned with industry-standard security frameworks, including ISO/IEC 27001 and SOC 2 Type II. For more information about Coralogix’s TOMs, please visit our Trust Center.
1. Encryption:
Customer Data is encrypted in transit using industry-standard transport layer security (TLS 1.2 or higher) and at rest using strong encryption algorithms (AES-256).
2. Data Security:
Customer Data is logically and physically segregated from data belonging to other customers within Coralogix’s multi-tenant environment. Logical segregation is implemented through customer-specific encryption keys, while physical segregation is applied on a regional basis.
Coralogix prohibits the transfer and storage of Customer Data on removable media.
3. Vulnerability Management:
Coralogix implements and maintains a vulnerability management program to ensure that relevant systems, applications, and infrastructure are kept up to date with the latest security patches and updates, including ensuring remediations within industry-accepted SLAs.
Coralogix conducts penetration testing at least annually. Qualified independent third-party security firms perform such security assessments in accordance with industry best practices.
Coralogix ensures the integrity of its code through extensive security scanning, including SAST, DAST, and SBOM analysis.
4. Access Controls:
Coralogix uses multi-factor authentication, role-based access controls, and intrusion detection solutions to ensure a level of security commensurate with the risk.
Coralogix conducts access reviews at least quarterly to ensure the continued appropriateness of access rights and to maintain the principle of least privilege.
Coralogix enforces password complexity requirements and password rotation policies.
5. Audits:
Coralogix conducts information security risk assessments at least annually and implements appropriate risk mitigation measures.
Coralogix conducts third-party audits at least annually, including SOC 2 Type 2, ISO 27001, ISO 27701, ISO 27017, ISO 27018, and ISO 42001 audits.
Coralogix conducts self-assessments at least annually to ensure compliance with various regulatory frameworks such as GDPR, CCPA, HIPAA, DORA, and the AI Act, as well as external standards such as PCI-DSS.
6. Business Continuity and Disaster Recovery:
Coralogix maintains a business continuity and disaster recovery policy to minimize service disruptions and comply with applicable laws. The policy is tested at least annually through table-top exercises.
Coralogix ensures high availability of its services across availability zones. Continuity is achieved by the availability of customer data and the employee workforce.
7. Physical Access Controls:
Coralogix implements and maintains appropriate physical security controls to prevent unauthorized physical access to facilities, systems, and infrastructure that process, store, or transmit Customer Data, including physical access controls and surveillance systems.
8. Awareness and Training:
Coralogix provides an appropriate level of periodic training concerning organizational security measures and privacy issues to all personnel, as well as additional training to those who have access to Customers’ Confidential Information. Training is conducted upon hiring and at least annually thereafter.
9. Coralogix Data Processing Agreement (“DPA”):
If the customer data encompasses Personal Data, this measure shall also include the provisions stipulated within Coralogix’s DPA. Moreover, in the event that Coralogix becomes aware of a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Customer Data, Coralogix shall promptly inform the Customer without undue delay and within 48 hours of acquiring knowledge of the incident, in accordance with Section 8 of Coralogix’s DPA.
Customer Responsibilities
Notwithstanding the Technical and Organizational Measures described above, the Customer remains responsible for securely configuring and using the Services in accordance with the applicable Coralogix Documentation. This includes, without limitation, configuring and managing authentication and access controls (including SAML SSO and Customer identity provider integrations), securing and regularly rotating API keys, and administering user permissions and IP-based access restrictions.
The Customer is also responsible for determining what data is submitted to the Services, including the handling of PII and sensitive data prior to transmission to Coralogix. The Customer shall take reasonable measures to prevent unauthorized access to Customer Credentials and shall promptly notify Coralogix if it becomes aware of any compromise of Customer Credentials or unauthorized access to Customer Data.