Swimlane Cloud Security and Compliance

swimlane is designed to enable you to securely access and manage your content technical and physical controls within swimlane prevent the disclosure of content as well as the unauthorized access to content the infrastructure is continuously monitored, and vulnerability testing is conducted regularly by internal and external security staff swimlane extensively leverages security automation and response to alert suspicious activity across customer and corporate environments internally, confidentiality requirements are communicated to employees through training and policies employees are required to attend security awareness training, which includes information, policies, and procedures related to protecting our customers’ data security swimlane provides a number of security features within swimlane cloud which helps ensure the confidentiality, integrity and availability of customer information data at rest here is how swimlane cloud protects your data at rest all customer data and application snapshots are encrypted using the aes256 encryption algorithm before being stored on disk swimlane allows full instance snapshots that support disaster recovery and the rollback of known good application state(s) entries in the swimlane credentials library, as well as user and asset passwords, are encrypted at rest before they are stored in the swimlane database using the aes encryption algorithm with a 256 bit key and a 256 bit salt data in motion swimlane protects your data in motion by using transport layer security, or tls, (versions 1 2 and 1 3) to encrypt data between the swimlane application servers and client browsers, as well as the swimlane database saml/sso swimlane supports local user account provisioning, open ldap, microsoft active directory, and saml 2 0 for more information on how swimlane utilizes saml, see enable saml for sso docid 8wt38fupydfgp zgrv69t two factor authentication two factor authentication, or 2fa, is enforced globally all users are required to set up their individual 2fa prior to being able to access swimlane cloud for more information on 2fa and swimlane, see enable two factor authentication docid 4qozosp3cr6r6du7kwesw role based access control swimlane limits access to information by using role based access control, or rbac rbac can be applied at every level of objects within swimlane workspaces, dashboards, reports, applications, records and individual records granular controls can be applied down to the individual field level, and all components support the ability to restrict access via user, group or role swimlane can dynamically adjust permissions on a per record basis based on user/group field values, as well for example, if a record is assigned to group a, only group a and administrators will have access to that record if the assignment of the record changes to group b, then only group b and administrators will have access to the records for more information about rbac, see role permissions docid\ k3ol8zkjpdel8mx2cmiif and the other permissions topics within the administrator guide access to swimlane cloud swimlane restricts access to production systems to a handful of employees no contractors or third parties have access to any customer production data the list of employees with access to production is audited regularly reporting security vulnerabilities swimlane welcomes reports from security researchers and experts about possible security vulnerabilities in our product to report a security vulnerability in swimlane, please send details to security\@swimlane com swimlane does not have a bug bounty program compliance data centers hosting swimlane cloud have achieved compliance with iso/iec 27001 2013, 27017 2015, 27018 2019, 27701 2019, 9001 2015, and csa star ccm v3 0 1 additionally, all data centers have completed the following examinations ssae 16 soc 1 type ii soc 2 type ii