Skip to content
Search

Trust and Security Center

Protecting 60+ million identities requires robust security and the trust of our customers

solution-hero

Be confident in who you partner with

We are dedicated to protecting the data under our control. Our security program provides safeguards that follow industry best practices to secure our customers’ sensitive information — from initial product development and coding and platform architecture to data transmission and storage, including regular employee training and physical security. Visit our Trust Center for additional documentation and resources regarding how we provide a secure environment for our customers.

Our commitment to you

At Saviynt, our mission is to empower enterprises with cutting-edge identity governance and cloud security solutions. We’ve taken our commitment to cybersecurity to the next level by signing the Cybersecurity and Infrastructure Security Agency (CISA) pledge.

In an era where cyber threats are increasingly sophisticated, securing your digital assets is more critical than ever. By aligning with CISA’s principles, Saviynt demonstrates its unwavering commitment to maintaining the highest standards of cybersecurity. Our participation in this initiative ensures that we stay ahead of the curve, providing you with the most robust and reliable security solutions available.

Signing the CISA pledge is more than just a promise—it's a commitment to action. 

CISA Badge

Saviynt Trust Portal

protection-icon-01

Secure

Throughout the development and production lifecycle

policy-icon

Compliant

With local, regional, and global regulations and frameworks

cloud-secure-icon-01

Reliable

With an architecture that supports the most complicated environments

protect-icon-01

Private

So your data is viewable only by you or others you trust

CPAM-Product-Analyze-Privileged-Activity-1600-o (1)

Security

From platform architecture to product development and ongoing operations, security is built into our processes to ensure your data is secure.

  • Robust data security and DevSecOps program that includes regular penetration testing by an external third-party
  • We leverage our own Enterprise Identity Cloud (EIC) platform and other security tools to manage security
  • Mask your instance from the internet without having to take it down in case of advanced threat levels
  • Secured and encrypted communications to managed endpoints

Compliance

We adhere to global security standards and regulations and are audited by independent third parties. Core certifications & attestations include SOC 1 and 2 Type II, ISO 27001:2013, ISO 27017:2015, and PCI-DSS.

We are the only SaaS-based, converged identity platform FedRAMP Moderate authorized for IGA and PAM.

ISO27001:2013left-arrow

ISO 27017:2015left-arrow

SOC 1 and SOC 2 Type IIleft-arrow

FedRAMP Moderateleft-arrow

PCI-DSSleft-arrow

Asset-47@2xSaviynt is ISO27001:2013 certified. The standard outlines the requirements for an information security management system (ISMS). Certification attests to Saviynt’s ISMS based on international best practices for security management and controls.

Asset-47@2xISO 27017 certification acknowledges that Saviynt has addressed cloud-specific information security threats. The certification attests that services have met best practices for cloud service providers and cloud service customers.

Asset-50@2xSaviynt has met validation that our security controls are in accordance with the American Institute of Certified Public Accountants’ Trust Services Principles and Criteria.

Asset-51@2xAs of July 2022, Saviynt is still the only cloud-based IGA and PAM provider that meets the FedRAMP Moderate requirements for controlled unclassified information in federal government agencies.

pci-dss-tIn support of customers who process and store payment card data, Saviynt maintains PCI-DSS certification in alignment with the requirements set by the PCI Security Standards Council.

stay-ahead

Privacy

You have control over who sees and has access to your data. Our compliance program aligns with internationally recognized frameworks and data privacy/processing regulations.

  • Multi-tenant foundation ensures data across customer environments is never shared
  • Data residency in 25+ regions around the world
  • Administrator controls within the platform, including for third-parties
  • Ability to bring your own keys with you
CPAM-Product-Cloud-Transformation-1080

Reliability

Saviynt’s cloud-based infrastructure is designed for elasticity and maximum uptime with built-in redundancy. The platform scales on demand, reduces latency, and increases reliability.

  • Distributed application architecture for resiliency in the face of natural disasters or system failures
  • Each service on the platform is monitored for operational effectiveness and availability
  • Formal business continuity and disaster recovery program with multi-regional recovery capabilities to ensure availability
  • Full data, network, and service tenant isolation with auto-scaling to maximize performance and eliminate throttling

Report a
Vulnerability

personal-demo-icon

To report a vulnerability, please email security@saviynt.com with “Security Vulnerability” in the subject line. To ensure a timely review of the vulnerability, please include supporting material, including steps on how to reproduce the issue. This will help us better understand the nature and severity of the vulnerability.

We will keep you apprised of our efforts in investigating and remediating your concern. When the investigation is complete, we will deliver the results of our findings to you, along with a resolution plan.

We do not allow active penetration, attacks, or audits of our infrastructure through manual or automated means.

A Converged Identity Platform You Can Trust

AICPA SOC

SOC 1 Type II Audit Report

ISO

SOC 1 Type II Audit Report

AICPA SOC 2

ISO 27001:2013

ISO

SOC 2 Type II Audit Report

FedRAMP

ISO 27017:2015

PCJ DSS

FedRAMP Moderate

IRAP

PCI DSS Certified