Security Controls

Aligned with leading information security standards and frameworks such as ISO 27001, NIST and FedRAMP

  •  Access Controls and Authentication
  •  Audit and Accountability
  •  Contingency Planning
  •  Incident Response
  •  Workforce Security
  •  Physical Security
  •  Risk Assessment and Vulnerability Management
  •  Secure Software Development Process
  •  Systems Communication Protection
  •  Regulatory Compliance

Identification and Authentication

Enterprise security features

  •  SAML, OAuth, LDAP
  •  Login and password management features, compliant with different security frameworks
  •  Virtual Private Network (VPN) for integration purposes in Automation Services
  •  Role-based segregation of duties and delegated administration for platform security
  •  Two-factor authentication

Secure Architecture & Features

Enterprise data capabilities

  •  Data and application isolation
  •  Data replication features
  •  Data resiliency (HA, fault-tolerant systems and DRP)
  •  File integrity monitoring
  •  PaaS-based architecture

Continuous Monitoring

Cloud Services are continuously monitored

  •  Security monitoring for advanced threats
  •  Performance and health
  •  Service level agreements
  •  Uptime/availability

Defense-in-depth protection

Multiple layers of security apply a defense-in-depth strategy to the global infrastructure.

  •  Network intrusion detection and prevention system (IDS/IPS)
  •  Web application firewall
  •  Network layer access control
  •  Isolation and strict access controls between infrastructure tiers

Encryption and data isolation

Strong encryption technologies for data in transit and at rest.

  •  Transport Layer Security (TLS) for end-user connections
  •  Customer data backups are encrypted
  •  Secure connection channels with customer data sources

Vulnerability testing

Bizagi contracts an independent expert security firm to perform tests on Bizagi Cloud Services.

  •  Vulnerability scanning and source code review
  •  Internal and external penetration testing
  •  Customers are notified about critical vulnerabilities and remediation actions are taken

Workforce Security

Integration with multiple identity providers

  •  Formal screening process that includes appropriate levels of background check
  •  Extensive information security and privacy training
  •  Continuous training on industry best practices

Security incident management

Bizagi takes security seriously. We encourage our community to report security vulnerabilities and security incidents to Bizagi.

  •  All submissions are investigated by the Security Team
  •  Bizagi takes appropriate action to manage security incidents and breaches, coordinating with the customer’s Security Team
  •  Bizagi promptly notifies affected customers
