Planview Viz Security FAQ

Planview encrypts customer information while at rest and when transmitted over the Internet. All browser connections are encrypted using TLS. All connections of on-prem Viz Agent (if used) to the Viz Cloud backend are encrypted using TLS.

All data at rest is encrypted using standard AWS capabilities. Security critical information, such as repository credentials, is additionally encrypted in the database using per-customer keys.

Planview enforces logical segregation for each customer’s data within our environment. Planview maintains strict controls over access to our customer data. We will only access specific customer data if it is required to provide the service (for example, if the customer opens a support ticket and Planview needs such access to resolve it).

Planview’s Cloud architecture is built to be resilient and is aligned with our service level targets. Planview has established data backup and restore procedures that are tested on a regular basis.

Planview has adopted robust secure development practices based on industry standards. We provide our engineers with regular security training, and perform security code reviews.

Planview has implemented extensive automated testing to ensure ongoing quality of our service.

Planview employs static and dynamic code scanning as part of our development process to proactively identify potential security issues. All scan results are reviewed, triaged, and appropriately resolved if deemed applicable.

Planview has established a number of security testing processes. Planview conducts regular vulnerability scanning using commercially available and open source tools.

Planview also conducts penetration testing through a third party partner on an annual basis.

Any issues identified through vulnerability scanning and penetration testing are resolved in a timely manner in accordance with the assessed risk level.

Planview maintains a Security Incident Response Plan (SIRP) that defines our process to deal with security issues. Our SIRP establishes roles and responsibilities during a security incident, escalation paths and requirements, and customer notification requirements.

Planview keeps the plan up-to-date, conducts regular reviews and incident simulation sessions, and ensures relevant staff are trained.

Planview’s Hub and Viz SaaS products are SOC 2 certified. You can request a recent copy of our confidential SOC 2 audit report by contacting your account manager.

Planview monitors the regulatory environment and ensures Tasktop is compliant with all applicable regulatory requirements and standards. In particular, we have analyzed our services and implemented appropriate technological and organizational measures to comply with GDPR.

All Planview Hub Cloud infrastructure is hosted in Amazon AWS in data centers that are SOC2, ISO 27001, ISO 27017, and ISO 27018 certified. You can find more information about AWS compliance and certifications here.