Trust & Security Center
Saviynt is committed to offering a secure and compliant platform that provides
our customers a state of the art, cloud-based security experience.
Be Confident in Who You Partner With
A robust and flexible architecture to meet your security and compliance needs
The Right Tenancy for Today’s World
Our unique multi-tenant, cluster-based architecture ensures that resources are not shared and delivers a scalable and performant platform.
- Multi-tenant foundation ensures data across customer environments is never shared.
- Micro-services architecture enables auto scaling and dynamic allocation of resources
Resilient and Secure Architecture
Saviynt’s Enterprise Identity Cloud (EIC) architecture is designed for maximum security.
- Distributed application architecture for resiliency in the face of natural disasters or system failures
- Bring your existing vault investments and leverage them with Saviynt’s governance capabilities
- Each service on the platform is monitored for operational effectiveness and availability
- Mask your instance from the internet without having to take it down in case of advanced threats
Saviynt is audited by independent third parties and adheres to SOC 1 and 2 Type II, ISO 27001:2013, ISO 27017:2015, and PCI to secure customer information, and is FedRAMP Moderate authorized.
Our platform leverages leading public cloud providers to provide best in class availability and security that are compliant with SOC 2, SOC 3, FIPS 140-2, ISO 27001, HIPAA, FISMA and CSA.
SOC 1 Type II Audit Report
SOC 2 Type II Audit Report
PCI DSS Certified
Saviynt’s cloud-based infrastructure is designed for elasticity and maximum uptime with built in redundancy. Our platform, with data residency in 27+ regions, scales on demand, reduces latency and increases reliability.
Built on the premise of least privileged model, Saviynt leverages its own EIC platform along with other tools in the management and security of the platform.
Application & Data Security
Saviynt has a robust data security and DevSecOps program that includes regular penetration testing by an external third party.
- TLS with strong ciphers for data in transit
- Data at rest encryption
- Automated backups and multi-region disaster recovery to ensure platform availability
- Secured and encrypted communications to managed endpoints
- Logging and auditing of all access
- Code testing and third-party reviews for application security
To report a vulnerability please email email@example.com with “Security Vulnerability” in the subject line. To ensure a timely review of the vulnerability, please include supporting material, including steps on how to reproduce the issue. This will help us better understand the nature and severity of the vulnerability.
We will keep you apprised of our efforts in investigating and remediating your concern. When the investigation is complete, we will deliver the results of our findings to you along with a resolution plan.
We do not allow active penetration, attacks, or audits of our infrastructure through manual or automated means.
Explore Resource Library
Schedule a Demo
Ready to see our solution in action?