Graylog - Vendor Risk Assessment Documentation

Hello,

My organization is currently utilizing Graylog Open and we were looking for Security Documentation to support performing a Vendor Risk Assessment of Graylog.

A Vendor Risk Assessment is necessary for us to continue to use Graylog Products and to allow further growth into licensed Graylog Products in the future. These requests for information are standard for Organizations following Compliance Regulations that utilize Third Party Vendors and are required to perform reoccurring Risk Assessments.

Documentation would include the companies policies, certifications, and compliance information that support company/product security. (SOC, NIST, ISO, etc.)

graylog support told me this information is not available to be shared to Open Customers, and pointed me to this Community Forum.

Was hoping to chat more with Graylog staff or anyone in the community that has performed similar assessments for these products.

Thanks!

Strange, not even sales?

Arie,

A member of the sales team was who I was initially in contact with. Unfortunately that was the answer I received.

@joe.gross Noticed this article posted by you a few years ago on the importance of Risk Assessments for Organizations. See my request above, I’m trying to perform one on Graylog as a customer, but hit a roadblock on access to documentation. Any help would be appreciated. :slight_smile:

Well, we are a paying customer to get service on Open, and in the documentation taproot there are only technical references available.

On there website there is mentioned nothing on this, one could expect at least ISO.

If your initial sales contact couldn’t answer your questions, ask for a sales rep that can.
We most definitely share this information with serious prospects.

Patrick, thank you for the reply. Do you have any other contacts I can try? Would support@graylog.com be able to fulfill this request? Thanks!

I don’t have any special access to sales :slight_smile: Submit another contact form and specify the information you need.

@Patrickmann thanks for the advice so far. I’ve resubmitted another contact-us form with the information request.