Security Portal

Get access to this Security Portal
  • Review sensitive security details
  • Unlock documents
  • Reclaim access anytime
Had access before? Reclaim access

Overview

Ramp exists to save you time and to save you money. We recognize that you entrust us with your data. Earning and maintaining that trust is a core part of our company culture, internal operations, and product development processes.

Ramp has earned trust from customers in various tightly regulated industries, including defense, financial services, and medical manufacturing. Our team is committed to safeguarding your data against potential threats, and is excited to share an overview of how we do that on this page.

Compliance

CCPA Logo
CCPA
ISO 27001 Logo
ISO 27001
PCI DSS Logo
PCI DSS
SOC 1 Logo
SOC 1
SOC 2 Logo
SOC 2
Get access to this Security Portal
  • Review sensitive security details
  • Unlock documents
  • Reclaim access anytime
Had access before? Reclaim access

Documents

All
Public
Private
Architecture Diagram
PCI DSS
Pentest Report
SOC 1 Report
SOC 2 Report
ISO 27001
VSAQ
Email Integration Security Brief
Ramp W9
SOC 1 and 2 Continued Operations Letter

Risk Profile

Data Access LevelRestricted
Critical DependenceYes
Third Party DependenceYes
See more

Product Security

Audit Logging
Bank Connections
Integrations
See more

Reports

Architecture Diagram
PCI DSS
Pentest Report
See more

Self-Assessments

VSAQ

Data Security

Access Monitoring
Backups Enabled
Encryption-at-rest
See more

App Security

Code Analysis
Responsible Disclosure
Secure Development Training
See more

Legal

SubprocessorsAlloyAmazonChalkComplyAdvantageDatadog
Cyber Insurance
Privacy Policy
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Anti-DDoS
Business Continuity & Disaster Recovery
See more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management
See more

Network Security

Security Information and Event Management
Zero Trust

Corporate Security

Email Protection
Employee Training
Incident Response
See more

Security Grades

CryptCheck
app.ramp.com
HSTS Preload List
app.ramp.com
Qualys SSL Labs
app.ramp.com
See more

Trust Center Updates

Ramp update of Zendesk security incident

IncidentsCopy link

Last week, Ramp learned of a sophisticated SMS phishing incident targeting Zendesk, Ramp’s third-party customer support vendor. The incident resulted in unauthorized access to Zendesk’s logging platform between September 25, 2022 and October 26, 2022.

Service Data* belonging to Ramp may have been in the compromised logging platform. According to Zendesk, there is no evidence suggesting that the threat actor accessed the Ramp Zendesk instance.

Ramp has requested additional details about Zendesk regarding this incident and will provide any updates if there is a confirmed impact to Ramp customers.

*“Service Data” means all electronic data, text, messages, communications or other materials submitted to and stored within a Service by You, Agents and End-Users in connection with Your use of such Service, excluding Agent Contact Information. Examples of the data that may be contained in impacted logs includes: timestamp, token ID, email address, user agent, username, Account ID, User ID, name, IP address, application paths and parameters, Session IDs, provisioned infrastructure, Ticket and Help Center data, Agent data and other types of Service Data.

Published at N/A

Ramp's SOC 2 Type 2, SOC 1 Type 2, and ISO 27001 Certification Available for Download

ComplianceCopy link

Ramp's 2022 SOC 2 Type 2 and SOC 1 Type 2 reports for the period ending in October 2022 are now available to request and download from our Trust Center.

Our ISO 27001 certification, which we achieved in December 2022, is also available for download.

Published at N/A*

Ramp's response to the 2022 OpenSSL 3 Vulnerabilities

IncidentsCopy link

Ramp's internal environment is not impacted by CVE-2022-3602 or CVE-2022-3786, two high severity issues in openssl version 3.

To confirm this, we took the following steps:

  • Reviewed all container images stored in our image registries
  • Reviewed all containers running in our environment
  • Reviewed all virtual machines running in our environment From all these reviews, none use openssl version 3.

Separately we reviewed the openssl versions installed on our corporate endpoints, updating to 3.0.7 where appropriate. We continue to track announcements from our subprocessors and partners for impact.

As you investigate your environment, keep in mind that many platforms ship with openssl 1.1.1, which is not included in this CVE. Learn more about technology that is not impacted here.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Report Issue