Security Portal

Get access to this Security Portal
  • Review sensitive security details
  • Unlock documents
  • Reclaim access anytime
Had access before? Reclaim access

Overview

Ramp exists to save you time and to save you money. We recognize that you entrust us with your data. Earning and maintaining that trust is a core part of our company culture, internal operations, and product development processes.

Ramp has earned trust from customers in various tightly regulated industries, including defense, financial services, and medical manufacturing. Our team is committed to safeguarding your data against potential threats, and is excited to share an overview of how we do that on this page.

Compliance

PCI DSS Logo
PCI DSS
SOC 2 Logo
SOC 2
ISO 27001 Logo
ISO 27001
SOC 1 Logo
SOC 1
Get access to this Security Portal
  • Review sensitive security details
  • Unlock documents
  • Reclaim access anytime
Had access before? Reclaim access

Documents

5 Documents
PCI DSS
Pentest Report
SOC 2 Report
VSAQ
Email Integration Security Brief

Risk Profile

Data Access LevelRestricted
Critical DependenceYes
Third Party DependenceYes
See more

Product Security

Role-Based Access Control
Audit Logging
Integrations
See more

Reports

PCI DSS
Pentest Report
SOC 2 Report

Self-Assessments

VSAQ

Data Security

Access Monitoring
Backups Enabled
Encryption-at-rest
See more

App Security

Responsible Disclosure
Code Analysis
Secure Development Training
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
Amazon Web Services
BC/DR
See more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management
See more

Network Security

Security Information and Event Management
Zero Trust

Corporate Security

Email Protection
Employee Training
Incident Response
See more

Security Grades

CryptCheck
app.ramp.com
HSTS Preload List
app.ramp.com
Qualys SSL Labs
app.ramp.com
See more

Trust Center Updates

Ramp's response to the 2022 OpenSSL 3 Vulnerabilities

Ramp's internal environment is not impacted by CVE-2022-3602 or CVE-2022-3786, two high severity issues in openssl version 3.

To confirm this, we took the following steps:

  • Reviewed all container images stored in our image registries
  • Reviewed all containers running in our environment
  • Reviewed all virtual machines running in our environment

From all these reviews, none use openssl version 3.

Separately we reviewed the openssl versions installed on our corporate endpoints, updating to 3.0.7 where appropriate. We continue to track announcements from our subprocessors and partners for impact.

As you investigate your environment, keep in mind that many platforms ship with openssl 1.1.1, which is not included in this CVE. Learn more about technology that is not impacted here.

Published at 11/07/2022, 4:25 PM

If you think you may have discovered a vulnerability, please send us a note.