Principal Security Service Commitments and System Requirements

Last Updated: Aug 20th, 2022

Venafi designs processes and procedures to ensure that our products and services are provided securely and as described in the service commitments we make to our customers and partners.

Venafi commits to maintaining robust security over customer information, meeting or exceeding legal requirements and industry standards, using commercially reasonable safeguards over the hardware, software, personnel, and other relevant security controls. Base security commitments for Venafi as a Service™ include, but are not limited to, the following:

Use of secure access controls, and other processes to support the secure delivery of our solutions.
Use of encryption technologies to protect high value or sensitive data in transit (on the system edges currently) and at rest.
Operational procedures for managing security incidents.
Periodic vulnerability scanning to uncover security vulnerabilities and prioritizing those for remediation.
Independent third-party penetration testing of the environment.
Periodic backup of critical databases.