Secure
Throughout the development and production lifecycle
Compliant
With local, regional, and global regulations and frameworks
Reliable
With an architecture that supports the most complicated environments
Private
So your data is viewable only by you or others you trust
.webp)
Security
From platform architecture to product development and ongoing operations, security is built into our processes to ensure your data is secure.
- Robust data security and DevSecOps program that includes regular penetration testing by an external third-party
- We leverage our own Enterprise Identity Cloud (EIC) platform and other security tools to manage security
- Mask your instance from the internet without having to take it down in case of advanced threat levels
- Secured and encrypted communications to managed endpoints
ISO27001:2013
ISO 27017:2015
SOC 1 and SOC 2 Type II
FedRAMP Moderate
PCI-DSS
Saviynt is ISO27001:2013 certified. The standard outlines the requirements for an information security management system (ISMS). Certification attests to Saviynt’s ISMS based on international best practices for security management and controls.
ISO 27017 certification acknowledges that Saviynt has addressed cloud-specific information security threats. The certification attests that services have met best practices for cloud service providers and cloud service customers.
Saviynt has met validation that our security controls are in accordance with the American Institute of Certified Public Accountants’ Trust Services Principles and Criteria.
As of July 2022, Saviynt is still the only cloud-based IGA and PAM provider that meets the FedRAMP Moderate requirements for controlled unclassified information in federal government agencies.
In support of customers who process and store payment card data, Saviynt maintains PCI-DSS certification in alignment with the requirements set by the PCI Security Standards Council.
Privacy
You have control over who sees and has access to your data. Our compliance program aligns with internationally recognized frameworks and data privacy/processing regulations.
- Multi-tenant foundation ensures data across customer environments is never shared
- Data residency in 25+ regions around the world
- Administrator controls within the platform, including for third-parties
- Ability to bring your own keys with you
Reliability
Saviynt’s cloud-based infrastructure is designed for elasticity and maximum uptime with built-in redundancy. The platform scales on demand, reduces latency, and increases reliability.
- Distributed application architecture for resiliency in the face of natural disasters or system failures
- Each service on the platform is monitored for operational effectiveness and availability
- Formal business continuity and disaster recovery program with multi-regional recovery capabilities to ensure availability
- Full data, network, and service tenant isolation with auto-scaling to maximize performance and eliminate throttling
To report a vulnerability, please email security@saviynt.com with “Security Vulnerability” in the subject line. To ensure a timely review of the vulnerability, please include supporting material, including steps on how to reproduce the issue. This will help us better understand the nature and severity of the vulnerability.
We will keep you apprised of our efforts in investigating and remediating your concern. When the investigation is complete, we will deliver the results of our findings to you, along with a resolution plan.
We do not allow active penetration, attacks, or audits of our infrastructure through manual or automated means.