# New Relic

New Relic is a cloud-based system and issue tracking and analytics SaaS vendor. Its cloud-based solutions enable websites, mobile applications, and companies to track real user interactions, service operators’ system performance, and hardware usage, efficiency, and performance.

<table><thead><tr><th width="411.3333333333333">Question</th><th>Answer</th></tr></thead><tbody><tr><td>Does the supplier hold ISO27001, or other externally validated certificate that is in line with or exceeds ISO27001?</td><td>Yes</td></tr><tr><td>Does the supplier encrypt personal data at rest and in transit?</td><td>Yes</td></tr><tr><td>Does the supplier adhere to the principle of least privileged and have access control processes in place?</td><td>Yes</td></tr><tr><td>Does the supplier have processes in place to address risk management?</td><td>Yes</td></tr><tr><td>Does the supplier train and engage their employees to become cyber aware?</td><td>Yes</td></tr><tr><td>Does the supplier have a process to manage assets throughout their lifecycle, including security and destruction?</td><td>Yes</td></tr><tr><td>Does the supplier have a process to manage disaster recovery and the backups of critical systems?</td><td>Yes</td></tr><tr><td>Does the supplier have a processes in place to identify and remediate vulnerabilities such as penetration testing or vulnerability scanning?</td><td>Yes</td></tr><tr><td>Does the supplier have logging and monitoring in place to identify incidents with their assets and data?</td><td>Yes</td></tr><tr><td>Does the supplier have an incident management process in place?</td><td>Yes</td></tr><tr><td>Does the supplier have process in place to protect and manage their supply chain?</td><td>Yes</td></tr><tr><td>Are there contracts that cover security requirements, data protection requirements and confidentiality?</td><td>Yes</td></tr><tr><td>Does the supplier have a quality management system in place?</td><td>No</td></tr></tbody></table>