Rippling takes a holistic approach to ensuring the security of our platform and the data of our customers. As a foundation, we have built our platform and our organization to meet stringent global certification and audit requirements including ISO 27001, ISO 27018, ISO 42001, SOC 1 and SOC 2.
As a cloud company, we also undergo a CSA STAR Level 2 audit annually to ensure we are implementing applicable controls and safeguards. Rippling has a fully staffed information security team that spans product security, infrastructure security, detection and response, corporate security, and security assurance. This team, in collaboration with other parts of the organization, runs frequent risk assessments to ensure security and compliance risks are being treated and mitigated appropriately.
Rippling is a cloud-based product that is predominantly deployed on AWS. All AWS infrastructure is hardened to industry best practice and includes failover for business continuity purposes. Network security solutions and controls are deployed to ensure the protection and resiliency of the platform. Our infrastructure is monitored using a variety of tools and our in-house SIEM. Alerts and logs are monitored and triaged by our 24x7 incident response team. All data in transit and at rest is encrypted. Access to our infrastructure requires MFA and follows the principle of least privilege. Access is also reviewed quarterly.
For additional information, please refer to our security page and whitepaper, and to Rippling's TOS, which includes Rippling's DPA, privacy policy, and other relevant information. Subprocessor information can be found below.