1. Is ReliaQuest SOC 2 Type II certified?
Yes, ReliaQuest maintains SOC 2 Type II attestation, which is verified through independent annual audits of the company's security controls, availability, and data-handling practices.
2. Where is my data stored and does ReliaQuest offer data residency options?
Your original data stays in your environment, meaning your technology remains the source of truth. GreyMatter processes a limited subset of machine log data and retains it for 72 hours for investigations and 30 to 90 days for hunt campaigns, as configured by your team. At-source detection keeps threat identification local to your source technologies, and GreyMatter Transit gives you additional filtering and storage optionality by detecting threats before data reaches your SIEM. You control what gets stored, where, and how much across multi-SIEM and multi-cloud environments.
3. Does GreyMatter meet GDPR, HIPAA, and PCI-DSS compliance requirements?
Yes, ReliaQuest maintains HIPAA and PCI-DSS compliance. Regarding GDPR, GreyMatter does not process personal data—the platform processes a limited subset of cybersecurity-relevant machine log data. In cases where personal data such as device identifiers or business account usernames may be inadvertently present in customer logs, ReliaQuest works with customers to minimize and pseudonymize that data to the extent practicable.
4. What is ReliaQuest's data-retention policy?
ReliaQuest does not backup customer data, all original log data remains in your environment and your technology remains the source of truth. Customer log data within GreyMatter is retained for 72 hours for investigations and 30 to 90 days for hunt campaigns, as configured by your team. Portal tickets and alerts are stored for 12 months and then archived for an additional 6 months, for a total of 18 months retention.