Trust and Security Center
Protecting 50+ million identities requires robust security and the trust of our customers
Be confident in who you partner with
We are dedicated to protecting the data under our control. Our security program provides safeguards that follow industry best practices to secure our customers’ sensitive information — from initial product development and coding and platform architecture to data transmission and storage, including regular employee training and physical security. Visit our Trust Center for additional documentation and resources regarding how we provide a secure environment for our customers.
Secure
Throughout the development and production lifecycle
Compliant
With local, regional, and global regulations and frameworks
Reliable
With an architecture that supports the most complicated environments
Private
So your data is viewable only by you or others you trust
Security
From platform architecture to product development and ongoing operations, security is built into our processes to ensure your data is secure.
- Robust data security and DevSecOps program that includes regular penetration testing by an external third party
- We leverage our own Enterprise Identity Cloud (EIC) platform and other security tools to manage security
- Mask your instance from the internet without having to take it down in case of advanced threat levels
- Secured and encrypted communications to managed endpoints
Compliance
We adhere to global security standards and regulations and are audited by independent third parties. Core certifications & attestations include SOC 1 and 2 Type II, ISO 27001:2013, ISO 27017:2015, and PCI-DSS.
We are the only SaaS-based, converged identity platform FedRAMP Moderate authorized for IGA and PAM.
ISO 27001:2013
Saviynt is ISO 27001:2013 certified. The standard outlines the requirements for an information security management system (ISMS). Certification attests to Saviynt’s ISMS based on international best practices for security management and controls.
ISO 27017:2015
ISO 27017 certification acknowledges that Saviynt has addressed cloud-specific information security threats. The certification attests that services have met best practices for cloud service providers and cloud service customers.
SOC 1 and SOC 2 Type II
Saviynt’s security controls have been validated as being in accordance with the American Institute of Certified Public Accountants’ Trust Services Principles and Criteria.
FedRAMP Moderate
As of July 2022, Saviynt is still the only cloud-based IGA and PAM provider that meets the FedRAMP Moderate requirements for controlled unclassified information in federal government agencies.
PCI-DSS
In support of customers who process and store payment card data, Saviynt maintains PCI-DSS certification in alignment with the requirements set by the PCI Security Standards Council.
Privacy
You have control over who sees and has access to your data. Our compliance program aligns with internationally recognized frameworks and data privacy/processing regulations.
- Multi-tenant foundation ensures data across customer environments is never shared
- Data residency in 25+ regions around the world
- Administrator controls within the platform, including for third parties
- Ability to bring your own keys
Reliability
Saviynt’s cloud-based infrastructure is designed for elasticity and maximum uptime with built-in redundancy. The platform scales on demand, reduces latency, and increases reliability.
- Distributed application architecture for resiliency in the face of natural disasters or system failures
- Each service on the platform is monitored for operational effectiveness and availability
- Formal business continuity and disaster recovery program with multi-regional recovery capabilities to ensure availability
- Full data, network, and service tenant isolation with auto-scaling to maximize performance and eliminate throttling
Report a Vulnerability
To report a vulnerability, please email security@saviynt.com with “Security Vulnerability” in the subject line. To ensure a timely review of the vulnerability, please include supporting material, including steps on how to reproduce the issue. This will help us better understand the nature and severity of the vulnerability.
We will keep you apprised of our efforts in investigating and remediating your concern. When the investigation is complete, we will deliver the results of our findings to you, along with a resolution plan.
We do not allow active penetration, attacks, or audits of our infrastructure through manual or automated means.