Trust & Security Center

Saviynt is committed to offering a secure and compliant platform that provides
our customers a state of the art, cloud-based security experience.

Be Confident in Who You Partner With

A robust and flexible architecture to meet your security and compliance needs

Cluster-based multi-tenant architecture to maximize security and performance
Gain granular control of your data with Bring Your Own (BYO) keys, vaults and more
Meet data sovereignty needs with residency available in 27+ regions globally

The Right Tenancy for Today’s World

Our unique multi-tenant, cluster-based architecture ensures that resources are not shared and delivers a scalable and performant platform.

  • Multi-tenant foundation ensures data across customer environments is never shared.
  • Micro-services architecture enables auto scaling and dynamic allocation of resources

Resilient and Secure Architecture

Saviynt’s Enterprise Identity Cloud (EIC) architecture is designed for maximum security.

  • Distributed application architecture for resiliency in the face of natural disasters or system failures
  • Bring your existing vault investments and leverage them with Saviynt’s governance capabilities
  • Each service on the platform is monitored for operational effectiveness and availability
  • Mask your instance from the internet without having to take it down in case of advanced threats


Saviynt is audited by independent third parties and adheres to SOC 1 and 2 Type II, ISO 27001:2013, ISO 27017:2015, and PCI to secure customer information, and is FedRAMP Moderate authorized.

Our platform leverages leading public cloud providers to provide best in class availability and security that are compliant with SOC 2, SOC 3, FIPS 140-2, ISO 27001, HIPAA, FISMA and CSA.

Saviynt has met validation that our security controls are in accordance with the American Institute of Certified Public Accountants’ Trust Services Principles and Criteria.

SOC 1 Type II Audit Report

Saviynt is ISO27001:2013 certified. The standard outlines the requirements for an information security management system (ISMS). Certification attests to Saviynt’s ISMS is based on international best practices for security management and controls.

ISO 27001:2013

Saviynt has met validation that our security controls are in accordance with the American Institute of Certified Public Accountants’ Trust Services Principles and Criteria.

SOC 2 Type II Audit Report

ISO 27017 certification acknowledges that Saviynt has addressed cloud-specific information security threats. The certification attests that services have met best practices for cloud service providers and cloud service customers.

ISO 27017:2015

As of July 2022, Saviynt is still the only cloud-based IGA and PAM provider that meets the FedRAMP Moderate requirements for controlled unclassified information in federal government agencies.

FedRAMP Moderate

In support of customers who process and store payment card data, Saviynt maintains PCI-DSS certification in alignment with the requirements set by the PCI Security Standards Council.

PCI DSS Certified


Saviynt’s cloud-based infrastructure is designed for elasticity and maximum uptime with built in redundancy. Our platform, with data residency in 27+ regions, scales on demand, reduces latency and increases reliability.

Built on the premise of least privileged model, Saviynt leverages its own EIC platform along with other tools in the management and security of the platform.

Application & Data Security

Saviynt has a robust data security and DevSecOps program that includes regular penetration testing by an external third party.

  • TLS with strong ciphers for data in transit
  • Data at rest encryption
  • Automated backups and multi-region disaster recovery to ensure platform availability
  • Secured and encrypted communications to managed endpoints
  • Logging and auditing of all access
  • Code testing and third-party reviews for application security

Report a

To report a vulnerability please email with “Security Vulnerability” in the subject line. To ensure a timely review of the vulnerability, please include supporting material, including steps on how to reproduce the issue. This will help us better understand the nature and severity of the vulnerability.

We will keep you apprised of our efforts in investigating and remediating your concern. When the investigation is complete, we will deliver the results of our findings to you along with a resolution plan.

We do not allow active penetration, attacks, or audits of our infrastructure through manual or automated means.

Schedule a Demo

Ready to see our solution in action?