Principal Security Service Commitments and System Requirements
Last Updated: Aug 9th, 2023
Venafi designs processes and procedures to ensure that our products and services are provided securely and as described in the service commitments we make to our customers and partners.
Venafi commits to maintaining robust security over customer information, meeting or exceeding legal requirements and industry standards, using commercially reasonable safeguards over the hardware, software, personnel, and other relevant security controls. Base security commitments for the Venafi Control Plane as-a-Service include, but are not limited to, the following:
- Use of secure access controls, and other processes to support the secure delivery of our solutions.
- Use of encryption technologies to protect high value or sensitive data in transit and at rest.
- Operational procedures for managing security incidents and service disruptions.
- Periodic vulnerability scanning to uncover security vulnerabilities and prioritizing those for remediation.
- Independent third-party penetration testing of the environment.
- Periodic backup of critical databases.