Last Updated: | Applicable Viz Versions: All
We at Planview understand the importance of security to our customers and work hard to ensure that data security and privacy is a top consideration in all of our business processes.
This FAQ outlines some of the ways Planview protects your information in Planview Viz. Planview’s comprehensive information security program addresses policies and processes, people, and technologies to ensure we meet our security objectives.
Planview uses Amazon AWS IaaS platform for secure hosting infrastructure. Amazon AWS is a premier infrastructure-as-a-service provider with extensive security certifications and audited controls. For details on AWS certifications and accreditation, click here.
Planview has established a dedicated environment for our Cloud hosting that is secured and segregated from our corporate network. Planview applies strict access control to our production Cloud environment and only allows access to select Planview personnel on a need-to-know basis. Access is enforced through multi-factor authentication mechanisms. Our Cloud operations personnel undergo background checks and have active non-disclosure agreements.
Planview encrypts customer information while at rest and when transmitted over the Internet. All browser connections are encrypted using TLS. All connections of on-prem Viz Agent (if used) to the Viz Cloud backend are encrypted using TLS.
All data at rest is encrypted using standard AWS capabilities. Security critical information, such as repository credentials, is additionally encrypted in the database using per-customer keys.
Planview enforces logical segregation for each customer’s data within our environment. Planview maintains strict controls over access to our customer data. We will only access specific customer data if it is required to provide the service (for example, if the customer opens a support ticket and Planview needs such access to resolve it).
Planview’s Cloud architecture is built to be resilient and is aligned with our service level targets. Planview has established data backup and restore procedures that are tested on a regular basis.
Planview has adopted robust secure development practices based on industry standards. We provide our engineers with regular security training, and perform security code reviews.
Planview has implemented extensive automated testing to ensure ongoing quality of our service.
Planview employs static and dynamic code scanning as part of our development process to proactively identify potential security issues. All scan results are reviewed, triaged, and appropriately resolved if deemed applicable.
Planview has established a number of security testing processes. Planview conducts regular vulnerability scanning using commercially available and open source tools.
Planview also conducts penetration testing through a third party partner on an annual basis.
Any issues identified through vulnerability scanning and penetration testing are resolved in a timely manner in accordance with the assessed risk level.
Planview maintains a Security Incident Response Plan (SIRP) that defines our process to deal with security issues. Our SIRP establishes roles and responsibilities during a security incident, escalation paths and requirements, and customer notification requirements.
Planview keeps the plan up-to-date, conducts regular reviews and incident simulation sessions, and ensures relevant staff are trained.
Certifications and Compliance
Planview’s Hub and Viz SaaS products are SOC 2 certified. You can request a recent copy of our confidential SOC 2 audit report by contacting your account manager.
Planview monitors the regulatory environment and ensures Tasktop is compliant with all applicable regulatory requirements and standards. In particular, we have analyzed our services and implemented appropriate technological and organizational measures to comply with GDPR.
All Planview Hub Cloud infrastructure is hosted in Amazon AWS in data centers that are SOC2, ISO 27001, ISO 27017, and ISO 27018 certified. You can find more information about AWS compliance and certifications here.
To provide top tier service, we employ several providers (suppliers), such as Amazon AWS. To ensure our supply chain is up to our standards with regard to security, Tasktop proactively monitors our suppliers’ security stance on an ongoing basis. You can find the full list of Planview’s sub-processors here.