The Trust Center
Trust is the basis of everything we do
Companies rely on Ä¢¹½ÊÓƵ to:
- Transform IT data into actionable insights so they can deliver seamless, secure digital experiences; and
- Provide fast, agile, secure acceleration of any app, over any network, to users wherever they are.
How We Protect Your Business
Four Pillars of Trust
Ä¢¹½ÊÓƵ leverages a ¡°Four Pillars¡± approach to deliver secure and dependable products and services.
Security
Ä¢¹½ÊÓƵ is continually refining its security strategy and framework?to reflect our organization¡¯s specific security risks. Maintaining a robust security-first culture is key to protecting the integrity of our products and services, inspiring customer confidence, and furthering our business relationships.
Privacy
Ä¢¹½ÊÓƵ knows that customers care about how personal data is used and shared, and Ä¢¹½ÊÓƵ takes privacy very seriously. Ä¢¹½ÊÓƵ¡¯s privacy and risk management framework is designed to meet Ä¢¹½ÊÓƵ¡¯s obligations under applicable global privacy laws , including the General Data Protection Regulation (GDPR).
Compliance
Ä¢¹½ÊÓƵ undergoes third-party audits and obtains product certifications to provide our customers with independent, third-party assurances.
Reliability
Ä¢¹½ÊÓƵ designs our Cloud Service offerings to deliver secure, highly available solutions, 24×7, around the world.?Ä¢¹½ÊÓƵ Support offers 24x7x365 issue resolution, a global logistics network, and robust online resources for all products.
Security
Ä¢¹½ÊÓƵ¡¯s security strategy and framework leverages industry standard best practices and standards. Our security program is led by Ä¢¹½ÊÓƵ¡¯s Chief Information Officer (¡°CISO¡±) with the involvement of key cross-functional stakeholders to enable a holistic approach to security management. Key features of Ä¢¹½ÊÓƵ¡¯s security program include:
Security Policies
Ä¢¹½ÊÓƵ maintains a comprehensive set of security policies. More information regarding the security requirements and measures used to establish and enforce Ä¢¹½ÊÓƵ¡¯s corporate security program can be found?here.
Security Measures
The technical and organizational measures built into specific offerings can be found?here.
Security Training & Awareness
All Ä¢¹½ÊÓƵ personnel are required to undergo annual security training and participate in ongoing security awareness initiatives.
Data Center Security
Ä¢¹½ÊÓƵ does not operate any of its own data centers. We leverage industry-leading third- party cloud infrastructure providers and requires all such providers to have?a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks.
Testing & Verification
Engineering teams regularly review our code, infrastructure, and supporting systems to ensure we have the correct people, processes, and controls to protect product development and customer data.
Security Incident Response
Our security incident response team acts promptly to respond, investigate, and remediate security issues when they are detected..
Privacy
Ä¢¹½ÊÓƵ knows that customers care about how your personal data is used and shared, and Ä¢¹½ÊÓƵ takes privacy very seriously. The Privacy page of Ä¢¹½ÊÓƵ¡¯s Trust Center provides a centralized source of information about Ä¢¹½ÊÓƵ¡¯s privacy practices.
Privacy Resources
When Ä¢¹½ÊÓƵ Acts as a Controller
- ¸é¾±±¹±ð°ù²ú±ð»å¡¯²õ?General Privacy Policy?applies to personal data collected through Ä¢¹½ÊÓƵ¡¯s websites, feedback, and surveys, the sales and contracting process, and both online and offline sales and marketing activities.
- ¸é¾±±¹±ð°ù²ú±ð»å¡¯²õ?CCPA Notice?supplements Ä¢¹½ÊÓƵ¡¯s General Privacy Policy and describes the rights of California residents under the California Consumer Privacy Act of 2018 (¡°CCPA¡±).
- The?EU Applicant and Candidate Privacy Policy?applies to Ä¢¹½ÊÓƵ¡¯s collection and processing of personal data relating to EU job applicants and candidates during the application and recruitment process.
- The?California Applicant Policy?applies to Ä¢¹½ÊÓƵ job applicants and candidates who are residents of California.
When Ä¢¹½ÊÓƵ Acts as a Processor
- Ä¢¹½ÊÓƵ offers a?Data Processing Addendum?(¡°DPA¡±) that sets out the legal framework under which Ä¢¹½ÊÓƵ processes personal data. Ä¢¹½ÊÓƵ¡¯s DPA includes key GDPR-related assurances and incorporates the Standard Contractual Clauses approved by the European Commission to address the transfer of personal data outside of the EEA.
- ¸é¾±±¹±ð°ù²ú±ð»å¡¯²õ?Data Transfer Impact Assessment Guide?assists customers in conducting data transfer impact assessments.
- Ä¢¹½ÊÓƵ performs due diligence reviews to assess the privacy and security practices of our subprocessors, who are required to enter into appropriate security, confidentiality and privacy contract terms based on the risks presented by the assessment, including data processing terms as required by applicable law. A list of Ä¢¹½ÊÓƵ¡¯s current subprocessors can be found?here.
- Additional documentation consisting of ¡°Privacy Data Sheets¡± and ¡°Processing Details¡± describing Ä¢¹½ÊÓƵ¡¯s processing of personal data for specific products and services can be found?here.
We value the trust you place in Ä¢¹½ÊÓƵ. We are committed to providing our customers and partners with secure solutions utilizing state of the art technologies to safeguard your information.
Ä¢¹½ÊÓƵ¡¯s security and privacy framework is governed by the ISO/IEC 27001:2022 Information Security Standard and the ISO/IEC 27701:2019 Privacy Information Management Standard. Ä¢¹½ÊÓƵ has achieved internationally recognized ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications. In addition, a subset of Ä¢¹½ÊÓƵ solutions has also undergone Statement on Standards for Attestation Engagements (SSAE) 18 System and Organization Controls (SOC) audits. To maintain these certifications, Ä¢¹½ÊÓƵ undergoes comprehensive annual audits from an independent third-party assessment organization. These security assessors verify Ä¢¹½ÊÓƵ¡¯s compliance in over 140 security and data protection areas within 14 different security categories including access control, incident response, security training, system integrity, identification and authentication, contingency planning, etc.
ISO 27001:2022
Established by the International Organization for Standardization (ISO), the prestigious and internationally recognized ISO 27001 standard requires the certification of an organization¡¯s information security management controls for areas such as data security and business continuity. Ä¢¹½ÊÓƵ¡¯s Information Security and Privacy Management System (ISPMS) has been inspected and certified by Coalfire, an accredited certifying body. The Ä¢¹½ÊÓƵ solutions that are ISO 27001 certified include Ä¢¹½ÊÓƵ IQ and Ä¢¹½ÊÓƵ Aternity Digital Experience Management, including Aternity Employee Experience, Application Performance Management (APM), and NPM+.
Ä¢¹½ÊÓƵ¡¯s ISO 27001 certificate is? available here.
ISO 27701:2019
Established by the International Organization for Standardization (ISO), the prestigious and internationally recognized ISO 27701 standard requires the certification of an organization¡¯s management controls for privacy.? Ä¢¹½ÊÓƵ¡¯s Information Security and Privacy Management System (ISPMS) has been inspected and certified by Coalfire, an accredited certifying body.? The Ä¢¹½ÊÓƵ solutions that are ISO-certified include Ä¢¹½ÊÓƵ IQ and Ä¢¹½ÊÓƵ Aternity Digital Experience Management, including Aternity Employee Experience, Application Performance Management (APM), and NPM+.
Ä¢¹½ÊÓƵ¡¯s ISO 27701 certificate is available here.
SSAE-18 SOC 2 Type II and SOC 3
Ä¢¹½ÊÓƵ publishes a Service Organization Controls 3 (SOC 3) report for the Ä¢¹½ÊÓƵ IQ and Ä¢¹½ÊÓƵ Aternity Digital Experience Management Platforms. This SOC 3 report is a publicly available summary of the detailed SOC 2 Type II report.? The SOC 3 report provides assurance that Ä¢¹½ÊÓƵ¡¯s internal controls have been verified to achieve the AICPA¡¯s Trust Services Criteria for data security and availability.
The detailed SOC 2 Type II report may be requested from your account executive.
Click here for the Ä¢¹½ÊÓƵ IQ and Ä¢¹½ÊÓƵ Aternity SOC 3 report.
Australia IRAP
The ?(IRAP) provides a comprehensive process for the independent assessment of a system¡¯s security against the Australian Government ?(ISM) requirements. The IRAP goal is to maximize the security of Australian federal, state, and local government data by focusing on the information and communications technology (ICT) infrastructure intended for data storage, processing, and communication.
In May 2024, CyberCX, a third-party assessor, completed the Cloud Security Assessment of the Australian regions for the Ä¢¹½ÊÓƵ Aternity EUEM Cloud Service. The assessment was conducted in-line with the Australian Cyber Security Centre¡¯s (ACSC) Cloud Security Assessment and Authorisation Framework, Phase 1. The assessment was conducted using the Australian Government Information Security Manual (ISM) March 2024 version. The Aternity EUEM Cloud Service was assessed at the PROTECTED information classification level. A copy of the assessment may be requested from your account executive.
Penetration Test Summary
Ä¢¹½ÊÓƵ also contracts with Coalfire, an industry-leading penetration testing firm, to perform rigorous security testing of its Ä¢¹½ÊÓƵ IQ and Ä¢¹½ÊÓƵ Aternity solutions. A copy of the most recent penetration test may be requested from your account executive.
Reliability
Available SLAs
Ä¢¹½ÊÓƵ publishes service level agreements (¡°SLAs¡±) for its cloud services?here.
Support
Ä¢¹½ÊÓƵ provides 24×7 follow-the-sun support for its products as described?here.
Business Continuity
Ä¢¹½ÊÓƵ¡¯s Business Continuity Planning (¡°BCP¡±) Statement can be found?here.
Ä¢¹½ÊÓƵ uses select forms of Artificial Intelligence (¡°AI¡±) in certain products.
Ä¢¹½ÊÓƵ IQ
For information about AI in Ä¢¹½ÊÓƵ IQ, click here.
Ä¢¹½ÊÓƵ IQ Assist
For information about AI in Ä¢¹½ÊÓƵ IQ Assist, click here.
Selected Country/Language: English