Rally Software Security Statement
Rally Software utilizes some of the most advanced technology for Internet security available today. When you access our site, Secure Sockets Layer (SSL) technology protects your information using both server authentication and data encryption, ensuring that your data is safe, secure, and available only to registered Users in your organization. Your data will be completely inaccessible to unauthorized users.
Rally Software provides each User in your organization with a unique user name and password that must be entered each time a User logs on. Rally Software issues a session "cookie" only to record encrypted authentication information for the duration of a specific session. The session "cookie" does not include either the username or password of the user. Rally Software does not use "cookies" to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.
In addition, Rally Software is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders.
It is extremely important to Rally that customer data be handled in a way that ensures:
- It is not accessed by anyone who isn't authorized.
- It is transmitted to/from the customer environment in a secure manner.
- It is stored in a physical/logical secured environment as required by the classification of the data.
- It is used only for the purpose for which access to the data was intended.
- The data is securely destroyed when it is no longer needed in a manner that makes it nearly impossible to retrieve through publicly available data retrieval methods.
We know that most customers don't want to simply take our word for how well Rally handles security, so we have undergone the following 3rd party inspections/certifications:
- ISO 27001
- NIST 800-53
- FISMA Moderate
- Safe Harbor
- SSAE 16, type 2 (datacenter provider)
Rally performs bi-weekly vulnerability scans of our Internet-facing environment and scans of our internal environment twice a year. We perform at least semi-annual penetration tests. In addition, Rally contracts with a 3rd party penetration/vulnerability testing firm to perform annual audits. This same firm performs audits on any component of the application that has undergone a major change or anytime we incorporate a new software technology in our datacenter.
Current and pending customers also have the ability to perform their own vulnerability/penetration testing as long as it is coordinated with Rally Security.
Contact Rally Security by email at firstname.lastname@example.org if you need to:
- Obtain permission to perform penetration/vulnerability testing and scanning
- Report security vulnerabilities
Rally Public PGP Key
Please use our PGP key to encrypt sensitive communications you may need to send.