Merge pull request #22003 from jxainguyen/develop

Annual updates, add 42K, SOC1, remove HITRUST

Author: tejaswaroop-nr

src/content/docs/logs/ui-data/find-unusual-logs-log-patterns.mdx

@@ -70,11 +70,11 @@ If you see <DNT>**Patterns are turned off**</DNT> in your logs UI, click <DNT>**
 
     <tr>
       <td>
-        HITRUST accounts
+        HIPAA accounts
       </td>
 
       <td>
-        The log patterns feature is not FedRAMP compliant. FedRAMP or other HITRUST accounts are not eligible to use patterns.
+        The log patterns feature is not FedRAMP compliant. FedRAMP or other HIPAA accounts are not eligible to use patterns.
       </td>
     </tr>
 

src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/fedramp.mdx

@@ -153,19 +153,6 @@ The following services are not FedRAMP-authorized:
       </td>
     </tr>
 
-    <tr>
-      <td>
-        N/A
-      </td>
-
-      <td>
-        AWS
-      </td>
-
-      <td>
-        [Historical Data Export](/docs/apis/nerdgraph/examples/nerdgraph-historical-data-export)
-      </td>
-    </tr>
     <tr>
       <td>
         N/A

src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/hipaa.mdx

@@ -46,7 +46,7 @@ The following applies to the New Relic Observability Platform:
       </td>
 
       <td>
-        2024-MAR-08
+        2025-AUG-31
       </td>
 
       <td>
@@ -86,75 +86,6 @@ The following services are not covered under the BAA:
   </thead>
 
   <tbody>
-    <tr>
-      <td>
-        N/A
-      </td>
-
-      <td>
-        Azure
-      </td>
-
-      <td>
-        Azure Native New Relic Service
-      </td>
-    </tr>
-
-    <tr>
-      <td>
-        N/A
-      </td>
-
-      <td>
-        AWS
-      </td>
-
-      <td>
-        CodeStream
-      </td>
-    </tr>
-
-    <tr>
-      <td>
-        N/A
-      </td>
-
-      <td>
-        AWS, GCP
-      </td>
-
-      <td>
-        ML Ops
-      </td>
-    </tr>
-
-    <tr>
-      <td>
-        N/A
-      </td>
-
-      <td>
-        Customer
-      </td>
-
-      <td>
-        [New Relic Mobile App](/docs/mobile-apps/mobile-apps-intro/#mobile-app-features)
-      </td>
-    </tr>
-
-    <tr>
-      <td>
-        N/A
-      </td>
-
-      <td>
-        AWS
-      </td>
-
-      <td>
-        [Historical Data Export](/docs/apis/nerdgraph/examples/nerdgraph-historical-data-export)
-      </td>
-    </tr>
     <tr>
       <td>
         N/A
@@ -182,19 +113,5 @@ The following services are not covered under the BAA:
         Pixie: Auto-telemetry with Pixie
       </td>
     </tr>
-
-    <tr>
-      <td>
-        N/A
-      </td>
-
-      <td>
-        AWS, Azure
-      </td>
-
-      <td>
-        New Relic AI
-      </td>
-    </tr>
   </tbody>
 </table>

src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/iso-27001.mdx

@@ -8,7 +8,7 @@ metaDescription: Criteria and compliance with annual SOC 2 and FedRAMP audits by
 freshnessValidatedDate: never
 ---
 
-The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers and data centers are securely managed. These certifications run for 3 years and have annual touch point audits (surveillance audits). The scope of certification covers the Company’s locations in Portland, Oregon; San Francisco, California; Barcelona, Spain; and London, United Kingdom.
+The International Organization for Standardization 27001 Standard (ISO 27001) specifies requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).  Conformity with ISO/IEC 27001 means that an organization has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles.  This certification runs for 3 years and has annual touch point audits (surveillance audits).  The scope of certification covers the Company’s locations in Portland, Oregon, USA (main location), San Francisco, California, USA; London, United Kingdom; Barcelona, Spain; Bangalore and Hyderabad, India.
 
 ## Applicable document by service [#applicable-services]
 <Callout variant="caution">
@@ -41,15 +41,15 @@ The following applies to the New Relic Observability Platform:
   <tbody>
     <tr>
       <td>
-        [ISO 27001:2022 Certificate](https://www.schellman.com/certificate-directory)
+        [ISO 27001:2022 Certificate](https://trust.newrelic.com/)
       </td>
 
       <td>
-        2024-OCT-1
+        2025-SEPT-18
       </td>
 
       <td>
-        AWS, Azure, GCP, First Party
+        AWS, Azure, First Party
       </td>
 
       <td>
@@ -60,7 +60,7 @@ The following applies to the New Relic Observability Platform:
 </table>
 
 <Callout variant="important">
-You can find New Relic's ISO 27001:2022 certificate [here](https://www.schellman.com/certificate-directory).
+You can find New Relic's ISO 27001:2022 certificate [here](https://trust.newrelic.com/).
 </Callout>
 
 ## Services not in scope [#not-scope]
@@ -85,34 +85,6 @@ The following services are not ISO 27001 authorized:
   </thead>
 
   <tbody>
-    <tr>
-      <td>
-        N/A
-      </td>
-
-      <td>
-        AWS
-      </td>
-
-      <td>
-        CodeStream
-      </td>
-    </tr>
-
-    <tr>
-      <td>
-        N/A
-      </td>
-
-      <td>
-        AWS, GCP
-      </td>
-
-      <td>
-        ML Ops
-      </td>
-    </tr>
-
     <tr>
       <td>
         N/A

src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/iso-42001.mdx

@@ -0,0 +1,116 @@
+---
+title: ISO 42001 standard 
+tags:
+  - Security
+  - Security and Privacy
+  - Compliance
+metaDescription: Criteria and compliance with annual SOC 2 and FedRAMP audits by New Relic services.
+freshnessValidatedDate: never
+---
+
+The International Organization for Standardization 42001 Standard (ISO 42001) specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS).  Conformity with ISO/IEC 42001 means that an organization has put in place a system to manage risks and opportunities associated with AI and ensures responsible development and use of AI systems.  This certification runs for 3 years and has annual touch point audits (surveillance audits).  The scope of certification covers the Company’s locations in Portland, Oregon, USA; Barcelona, Spain; Bangalore and Hyderabad, India.
+
+## Applicable document by service [#applicable-services]
+<Callout variant="caution">
+  Not all [New Relic Observability Platform](/docs/new-relic-one/use-new-relic-one/get-started/introduction-new-relic-one/) services are in compliance with this program. For non-compliant services, please see the section of [services not in scope](#not-scope).
+</Callout>
+
+The following applies to the New Relic Observability Platform:
+
+<table>
+  <thead>
+    <tr>
+      <th style={{ width: "200px" }}>
+        Document
+      </th>
+
+      <th>
+        Last updated
+      </th>
+
+      <th>
+        Infrastructure
+      </th>
+
+      <th>
+        Services
+      </th>
+    </tr>
+  </thead>
+
+  <tbody>
+    <tr>
+      <td>
+        [ISO 42001 Certificate](https://trust.newrelic.com/)
+      </td>
+
+      <td>
+        2024-OCT-1
+      </td>
+
+      <td>
+        AWS, Azure, First Party
+      </td>
+
+      <td>
+        New Relic Observability Platform
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+<Callout variant="important">
+You can find New Relic's ISO 42001 certificate [here](hhttps://trust.newrelic.com/).
+</Callout>
+
+## Services not in scope [#not-scope]
+
+The following services are not ISO 42001 authorized:
+
+<table>
+  <thead>
+    <tr>
+      <th style={{ width: "200px" }}>
+        Last updated
+      </th>
+
+      <th>
+        Infrastructure
+      </th>
+
+      <th>
+        Services
+      </th>
+    </tr>
+  </thead>
+
+  <tbody>
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        GCP
+      </td>
+
+      <td>
+        Pixie: Community Cloud for Pixie
+      </td>
+    </tr>
+
+    <tr>
+      <td>
+        N/A
+      </td>
+
+      <td>
+        GCP
+      </td>
+
+      <td>
+        Pixie: Auto-telemetry with Pixie
+      </td>
+    </tr>
+  </tbody>
+</table>

src/content/docs/security/security-privacy/compliance/certificates-standards-regulations/pci-dss.mdx

@@ -67,34 +67,6 @@ The following services are not PCI DSS authorized:
   </thead>
 
   <tbody>
-    <tr>
-      <td>
-        N/A
-      </td>
-
-      <td>
-        AWS
-      </td>
-
-      <td>
-        CodeStream
-      </td>
-    </tr>
-
-    <tr>
-      <td>
-        N/A
-      </td>
-
-      <td>
-        AWS, GCP
-      </td>
-
-      <td>
-        ML Ops
-      </td>
-    </tr>
-
     <tr>
       <td>
         N/A