Skip to content

Trust and Security Center

Protecting 50+ million identities requires robust security and the trust of our customers


Be confident in who you partner with

We are dedicated to protecting the data under our control. Our security program provides safeguards that follow industry best practices to secure our customers’ sensitive information — from initial product development and coding and platform architecture to data transmission and storage, including regular employee training and physical security. Visit our Trust Center for additional documentation and resources regarding how we provide a secure environment for our customers.

Our commitment to you

At Saviynt, our mission is to empower enterprises with cutting-edge identity governance and cloud security solutions. We’ve taken our commitment to cybersecurity to the next level by signing the Cybersecurity and Infrastructure Security Agency (CISA) pledge.

In an era where cyber threats are increasingly sophisticated, securing your digital assets is more critical than ever. By aligning with CISA’s principles, Saviynt demonstrates its unwavering commitment to maintaining the highest standards of cybersecurity. Our participation in this initiative ensures that we stay ahead of the curve, providing you with the most robust and reliable security solutions available.

Signing the CISA pledge is more than just a promise—it's a commitment to action. 


Visit Saviynt’s Trust Portal



Throughout the development and production lifecycle



With local, regional, and global regulations and frameworks



With an architecture that supports the most complicated environments



So your data is viewable only by you or others you trust

CPAM-Product-Analyze-Privileged-Activity-1600-o (1)


From platform architecture to product development and ongoing operations, security is built into our processes to ensure your data is secure.

  • Robust data security and DevSecOps program that includes regular penetration testing by an external third-party
  • We leverage our own Enterprise Identity Cloud (EIC) platform and other security tools to manage security
  • Mask your instance from the internet without having to take it down in case of advanced threat levels
  • Secured and encrypted communications to managed endpoints


We adhere to global security standards and regulations and are audited by independent third parties. Core certifications & attestations include SOC 1 and 2 Type II, ISO 27001:2013, ISO 27017:2015, and PCI-DSS.

We are the only SaaS-based, converged identity platform FedRAMP Moderate authorized for IGA and PAM.


ISO 27017:2015left-arrow

SOC 1 and SOC 2 Type IIleft-arrow

FedRAMP Moderateleft-arrow


Asset-47@2xSaviynt is ISO27001:2013 certified. The standard outlines the requirements for an information security management system (ISMS). Certification attests to Saviynt’s ISMS based on international best practices for security management and controls.

Asset-47@2xISO 27017 certification acknowledges that Saviynt has addressed cloud-specific information security threats. The certification attests that services have met best practices for cloud service providers and cloud service customers.

Asset-50@2xSaviynt has met validation that our security controls are in accordance with the American Institute of Certified Public Accountants’ Trust Services Principles and Criteria.

Asset-51@2xAs of July 2022, Saviynt is still the only cloud-based IGA and PAM provider that meets the FedRAMP Moderate requirements for controlled unclassified information in federal government agencies.

pci-dss-tIn support of customers who process and store payment card data, Saviynt maintains PCI-DSS certification in alignment with the requirements set by the PCI Security Standards Council.



You have control over who sees and has access to your data. Our compliance program aligns with internationally recognized frameworks and data privacy/processing regulations.

  • Multi-tenant foundation ensures data across customer environments is never shared
  • Data residency in 25+ regions around the world
  • Administrator controls within the platform, including for third-parties
  • Ability to bring your own keys with you


Saviynt’s cloud-based infrastructure is designed for elasticity and maximum uptime with built-in redundancy. The platform scales on demand, reduces latency, and increases reliability.

  • Distributed application architecture for resiliency in the face of natural disasters or system failures
  • Each service on the platform is monitored for operational effectiveness and availability
  • Formal business continuity and disaster recovery program with multi-regional recovery capabilities to ensure availability
  • Full data, network, and service tenant isolation with auto-scaling to maximize performance and eliminate throttling

Report a


To report a vulnerability, please email with “Security Vulnerability” in the subject line. To ensure a timely review of the vulnerability, please include supporting material, including steps on how to reproduce the issue. This will help us better understand the nature and severity of the vulnerability.

We will keep you apprised of our efforts in investigating and remediating your concern. When the investigation is complete, we will deliver the results of our findings to you, along with a resolution plan.

We do not allow active penetration, attacks, or audits of our infrastructure through manual or automated means.

Schedule a Demo

Ready to see Enterprise Identity Cloud in action?