We’re Committed to Security and Privacy

vArmour Relationship Cloud meets the most stringent enterprise requirements from a Security and Data Protection standpoint. Relationship Cloud is SOC 2 type II audited and implements best-in-class security controls and processes in order to safeguard customer data and service delivery.

In addition, vArmour works with CyberGRX as an independent auditor to validate control capabilities and map to customer frameworks. Independent Penetration Tests and Code Review findings provided by the British Standards Institute are also available.

This Compliance and Trust page provides customers and prospects access to the artifacts they need to meet their Third Party Management Risk requirements. Learn more in the vArmour Relationship Cloud Security and Privacy White Paper.


SOC2 Logo

SOC 2 Type II

Relationship Cloud System and Organization Controls (SOC) 2 Report is an independent third-party examination report that demonstrates how vArmour achieves key compliance controls and objectives that meet the AICPA Trust Services Security, Availability, and Confidentiality Criteria. The purpose of this report is to help you and your auditors understand the Relationship Cloud controls established to support operations and compliance relating to system security, availability, and confidentiality. Learn more in the vArmour Relationship Cloud SOC2 Type II Report.


CyberGRX Logo

CyberGRX Independent Assessment

CyberGRX provides an independent third-party validated cyber risk assessment of vArmour’s security posture. This assessment details vArmour’s compliance with industry standards and the security protocols built into our infrastructure.

CyberGRX’s assessment of vArmour covers the strength, coverage, and timeliness of 200+ controls. It has been independently validated and integrates vArmour’s responses with analytics, threat intelligence, and risk models. CyberGRX’s Framework Mapper allows for the mapping of vArmour’s assessment to over 20 different commonly used industry frameworks and standards, such as NIST SP 800-53, NIST CSF, ISO 27001, PCI-DSS, HIPAA, CMMC, SOC2, CSA STAR, NY-DFS, FFIEC, etc. Additionally, CyberGRX risk analytics platform and assessment questions are mapped to the MITRE ATT&CK framework and taxonomy. This enables customers to discover the controls that can mitigate the threats applicable for their industry, and the supporting controls that indirectly affect the efficacy of the attack techniques. Learn more in the  Tier 2 Validated CyberGRX Cyber Risk Assessments of vArmour.

Assessment documents available:

  • Critical Controls
  • CMMC Level 1
  • CMMC Level 2
  • MITRE Full Technique
  • NIST 800/53
  • CSA CAIQ Lite
  • CSA Cloud Controls Matrix

CyberGRX 3rd Party Logo

Data Protection and Privacy

Relationship Cloud offers a GDPR-compliant Data Processing Addendum (GDPR DPA), which enables customers to comply with GDPR contractual obligations.

On 16 July 2020, the Court of Justice of the European Union (CJEU) issued a ruling regarding the EU-US Privacy Shield and Standard Contractual Clauses (SCCs), also known as “model clauses.” The CJEU ruled that the EU-US Privacy Shield is no longer valid for the transfer of personal data from the European Union (EU) to the United States (US). However, in the same ruling, the CJEU validated that companies can continue to use SCCs as a mechanism for transferring data outside of the EU.

Following this ruling, Relationship Cloud customers and partners can continue to utilize Relationship Cloud instances within US, in compliance with EU data protection laws – including the General Data Protection Regulation (GDPR). In addition, Relationship Cloud customers are able to request Relationship Cloud instance from their account team within most geographic locations globally. Here’s a list of data protection artifacts and a list of subprocessors.


Third Party Penetration Test and Code Review Reports

Icon of a clipboard and checklist. In addition to our continuous security testing lifecycle, vArmour engages the British Standards Institute (BSIgroup) to conduct annual security testing of the Relationship Cloud service. This testing includes Secure Code Reviews, application Pen Testing and Cloud environment Pen Testing. Customers can request access to the reports provided by BSIgroup to meet their internal Third Party Risk and Audit requirements. Here are our pen test reports.

Let’s Solve Your Challenges, Together.

Contact Us

Question? Interested in scheduling a demo from our sales team? Fill out the form and a vArmour representative will contact you shortly.


T : 650.564.5100
F : 650.564.5101
270 3RD ST.


GU34 1HG

Thank you! We’ll be in touch shortly.


Timothy Eades

Chief Executive Officer