be_ixf;ym_201910 d_15; ct_100

Tricentis Security

Tricentis takes a proactive approach to security and uses technical, physical, and administrative security controls to prevent as much as possible, detect what cannot be prevented, and respond to events of interest appropriately. No security program is 100% immune to compromise, but we believe the security controls in place are appropriate for the environment in which we operate.

image
Highlights to our information security program include:
Encryption

Data is protected with encryption in transit and at rest using modern cyphers and appropriate key management.

Authentication

Tricentis products offer integrations for LDAP and/or SAML 2.0. Multi-factor authentication is required for management of Tricentis SaaS infrastructures.

Automated Patching

Systems and applications are automatically updated. With Tricentis’ SaaS offerings, there’s no need to manage infrastructure.

High Availability

Multiple availability zones offer high availability and resiliency. Data can also be recovered in additional regions as needed.

Backups

Systems and customer data for SaaS environments are regularly backed up to prepare for disaster recovery and system outages.

Secure Application Development

Tricentis’ R&D team practices static and dynamic code analysis, 3rd party assessments, peer reviews, and formal change control.

World Class Datacenters

SaaS infrastructure environments are operated in AWS or Azure, both of which provide world-class physical security controls.

Access Control

Role-based access controls enable customers to assign access rights to objects on a granular basis from within Tricentis applications.

Active Monitoring

SaaS environments are actively monitored for security events of interest and responded to accordingly.

Tricentis Security Controls

Tricentis System and Organization Controls (SOC) Reports are independent third-party examination reports that show how Tricentis implements key compliance control objectives and helps you and your auditors understand the Tricentis security controls established to support secure operations and compliance.

Responsible Disclosure

If you have discovered a vulnerability in a Tricentis application, please don’t share it publicly. Instead, please submit a report to us through a support ticket. We review all security concerns that are submitted and we strive to stay aware of the latest security developments by monitoring the threat landscape and by working with external security researchers and companies.

If you believe your account has been compromised or you are seeing suspicious activity on your account, please report it to your application administrator and support@tricentis.com.