Planview Hub Cloud Security FAQ
- Last updated
- Save as PDF
Last Updated: | Applicable Hub Versions: Cloud
We at Planview understand the importance of security to our customers and work hard to ensure that data security and privacy is a top consideration in all of our business processes. This FAQ outlines some of the ways Planview protects your information in Planview Hub Cloud. Planview’s comprehensive information security program addresses policies and processes, people and technologies to ensure we meet our security objectives.
You can find a security overview for our Cloud products here. If you have any further questions, you can reach out to Planview’s security experts.
Storing your Data
Where is my data stored?
Answer
We host our Cloud products in Amazon AWS in the US or Ireland (if specifically requested by the customer).
Why does Planview store my data?
Answer
For the purpose of change detection, your Hub Cloud instance needs to cache the last known state of synchronized artifacts.
How long does Planview retain collected data?
Answer
Based on the nature of our product, data is kept as long as integrations are configured. If an integration is deleted, the corresponding data will also be removed from our systems.
Is my data co-located with other customers?
Answer
No. Planview provides each customer with their own instance of Hub Cloud and individual data stores.
How is access to my data managed?
Answer
Access to the Hub Cloud application is managed by you, the customer. Planview only provisions the initial administrator account, which is used for subsequent access management.
Access for the hosting environment is managed by Planview and is done on a need-to-know basis (limited to Planview’s operations personnel only), requires internal approval, and is reviewed on a regular basis.
Does Planview need access to PII?
Answer
Planview Hub’s processing of personally identifiable information (PII) is limited to business contact type information (e.g., name, business email). The PII comes from the standard fields in your tools like Reporter, Owner, Assignee, etc.
PII is limited to the users of the tools that are synchronized and generally does not include information about your customers, or any financial information. The scope of the data is defined by you, the customer, based on the configuration of the integrations.
Is the PII pseudonymized?
Answer
No. Due to the nature of the product, pseudonymization cannot be performed.
Is network segmentation in place?
Answer
Yes. Each Hub Cloud instance is segmented.
How often are data exchanges occurring?
Answer
Data exchanges are occurring in near real-time.
Protecting your Data
Is there a disaster recovery plan in place to protect data from accidental loss?
Answer
Yes. Data backups are performed every eight hours and are tested regularly.
Note: If Planview Hub is down, your tools will continue to work as expected (just without your data being in sync). Once Planview Hub comes back up, it will “catch up” and re-synchronize the data, so there is virtually no long-term effect of downtime.
Does Planview encrypt data at rest?
Answer
Yes. Planview utilizes cloud-native encryption capabilities to encrypt data at rest using AES-256.
Is data in-transit encrypted?
Answer
Yes. Access to the Hub Cloud UI uses TLS that is enforced through HSTS.
For tool connections, Planview supports TLS encryption, though tools should be appropriately configured as well.
Note: Configuration of these tool connections is configured by you, the customer, Planview only provides the encryption capabilities.
Does Planview have a compliance certificate?
Answer
Yes. Planview currently has a SOC 2 Type II certification.
What policies exist around purging data after an agreement is terminated?
Answer
Planview removes all collected data within 120 days of termination of an agreement (or at your request) — this includes all data stored in backups.
Does Planview whitelist IPs for access?
Answer
Yes. Planview supports source IP whitelisting to access Planview Hub Cloud.
Does Planview use multi-factor authentication?
Answer
Planview does not currently support MFA to access Planview Hub Cloud.
Note: For context, the general user population does not need access to Hub Cloud, only those who configure or monitor integrations. For the majority of our customers, typically, five or less users have access to Hub Cloud. Planview also supports source IP address-based whitelisting for access to Hub Cloud as an additional protection mechanism.
For Planview's access to the hosting environment, Planview enforces multi-factor authentication.
Does Planview monitor my Hub Cloud environment?
Answer
Yes. Planview has monitoring in place to detect any service degradation or malicious activity.
What protocols are used to transfer data?
Answer
HTTPS is used to access the Planview Hub Cloud UI. For tool connections, Planview uses native APIs provided by tools, which typically use HTTPS as well.
See our connector documentation for more details.
Accessing Planview Hub Cloud
Where is my Hub Cloud Instance located?
Answer
Planview Hub Cloud instances are located in either AWS US East & West or AWS Europe West.
How can I access Planview Hub Cloud?
Answer
Planview Hub Cloud is a SaaS application with a web UI and is accessed via a browser.
Is SSO supported via SAML or OAUTH?
Answer
SSO configuration can be enabled for specific Hub Cloud instances by request.
Using Planview Hub Cloud
Are there any connector-specific version requirements?
Answer
Planview generally supports recent (vendor-supported) versions of the products that we integrate. Up-to-date version requirements can be found in our connector documentation.
Do I need to add plugins for specific connectors?
Answer
No plugins are needed, Planview uses native API calls to access the data using customer-provisioned service accounts.
Does Planview provide audit logging data?
Answer
No. Planview does not currently provide audit logging data.