Security Controls

Align to leading information security standards and frameworks such as ISO 27001 and NIST

• Access Controls and Authentication
• Audit and Accountability
• Contingency Planning
• Incident Response
• Workforce Security
• Physical Security
• Risk Assessment and vulnerability management
• Secure Software Development process
• Systems Communication Protection
• Regulatory compliance

Identification and Authentication

Enterprise security features

• SAML, OAUTH, LDAP
• Login and password management features, compliant with different security frameworks
• Virtual Private Network (VPN) for integration purposes in Automation Services
• Segregation of duties role-based, delegated administration platform security
• Two-factor authentication

Secure Architecture & Features

Enterprise data capabilities

• Data and application isolation
• Data replication features
• Data resiliency (HA fault tolerant systems and DRP)
• File integrity monitoring
• PaaS based architecture

Continuous Monitoring

Cloud Services continuously monitored

• Security monitoring for advanced threats
• Performance and health
• Service level agreements
• Uptime/availability

Defense-in-depth protection

Multiple layers of security which apply defense-in-depth security strategy to the global infrastructure.

• Network intrusion detection and prevention system (IDS/IPS)
• Web application firewall
• Network layer access control
• Isolation and strict access controls between infrastructure tiers

Encryption and data isolation

Strong encryption technologies in data transit and at rest.

• Transport Layer Security (TLS) for end-user connections
• Customer data backups are encrypted
• Secure connection channels with customer data sources

Vulnerability testing

Bizagi contracts an independent expert security firm to perform tests on Bizagi Cloud Services.

• Vulnerability scanning and source code review
• Internal and external penetration testing
• Customers are notified about critical vulnerabilities and remediation actions are taken

Workforce Security

Integration with multiple identity providers

• Formal screening process that includes appropriate levels of background check
• Extensive information security and privacy training
• Continuous training on industry best practices

Security incident management

Bizagi takes security seriously. We encourage our community to report security vulnerabilities and security incidents to Bizagi.

• All submissions are investigated by the Security Team
• Bizagi takes appropriate action to manage security incidents and breaches coordinating with our customer’s Security Team
• Bizagi promptly notifies affected customers