At Saviynt, we understand that the confidentiality, integrity, and availability of our customers’ information is critical to both our customers’ business operations and to our own success. We support this responsibility with implementation of secure cloud infrastructure, turn-key internal policies and procedures, a robust third-party risk management program, and industry standard data encryption mechanisms to protect our customers’ data from potential threats.
Compliance lays the foundation on which organizations both build their reputations and protect them. Getting it wrong can lead to serious consequences. The potential costs of non-compliance are staggering and extend far beyond simple fines. For starters, organizations lose an average of $5.87 Million in revenue due to a single non-compliance event. But this is only the tip of the iceberg — the financial impact goes far beyond your bottom line.
To understand the true cost of a non-compliance event, you have to consider some hidden costs that come from business disruption and damage to your company’s reputation.
The total cost of non-compliance actually exceeds $14 Million and comes from:
Saviynt is focused on meeting and maintaining the highest standards of security, data stewardship and availability in an ever-changing environment.
Here is a list of our security controls, security and compliance programs, and related certifications.
Saviynt recognizes that meeting industry-standard, third-party and international audit requirements is an important aspect of building trust with our customers. We regularly complete audits and maintain certification with the key industry standards outlined here.
FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
FedRAMP requires the implementation of security controls to ensure that all federal data is secure in cloud environments. Saviynt maintains an FedRAMP Moderate, Authorization to Operate (ATO) on the IGA and CPAM products.
ISO 2700x is the international standard for assessment of the Information Security Management System (ISMS), establishing best practice security controls to address people, process, and technology. Saviynt is compliant with ISO 27001:2013 and ISO 27017:2015 with audits performed annually.\
The PCI-DSS Attestation of Compliance (AOC) is a declaration of a service provider’s compliance with the Payment Card Industry Data Security Standard Requirements and Security Assessment procedures. Though Saviynt is not a payment service provider and our product is not designed to access, create, store, process or transmit Cardholder Data, Saviynt completes a PCI-DSS Level 1 assessment annually to meet the requirements of customers within the financial industry.
Saviynt partners with an independent, third-party security assessor on an annual basis to audit internal financial and security controls against System and Organization Controls, or SOC standards.
SOC 1 is the AICPA standard for reporting the effectiveness of a service organization’s internal controls for financial reporting.
SOC 2 is the AICPA standard for reporting the effectiveness of security controls within service organizations, including Software-as-a-Service providers (SaaS). Saviynt completes the SOC 2 audit utilizing the Security, Confidentiality, Processing Integrity, Availability, and Privacy trust service principles.
Saviynt is compliant with SOC 1 – Type II and SOC 2 – Type II standards with audits performed on an annual basis.
We’re committed to delivering outstanding customer service in a way that bolsters security and compliance. And we strive to strengthen cybersecurity risk posture by providing a highly secure platform as well as a built-in controls framework aligned to important industry-standard security compliance frameworks.
We provide:
Our commitment to protecting and preserving customer trust directs the decisions we make daily and guides our relentless focus on security and engineering. These important compliance achievements provide independent validation of the security controls and processes implemented by Saviynt to protect customer data. We wouldn’t have it any other way.