Bizagi Cloud Platform Security


 

Overview

 

Bizagi Cloud Platform's security features comply with the latest industry standards for data security and privacy.

Bizagi implements service controls for data security, availability, processing integrity, and confidentiality while enforcing policies and processes to guarantee a robust security initiative for Bizagi as your service provider.

 

 


Managing Access to Information

 

Bizagi offers several ways to configure user access to information, and you can set those permissions at many levels:

 

Defining performers

Configuring access rights to menus and processes

Setting up Case Security

Setting up control properties on forms using expressions

Custom building Widgets that comply with your security standards

Configuring Business Keys for your entities

Integrating the Authentication method of your choice

 

See: Managing Access to Information

 

Security controls

 

Bizagi implements security controls and measures for data integrity, confidentiality and availability aligned to leading information security standards and frameworks such as ISO 27001, NIST and FedRAMP.

 

Access controls and Authentication

Audit and Accountability

Change Control and Configuration Management

Incident Response

Physical Security

Role-based access control model

Secure Software Development process

Workforce Security

 

 

Network and infrastructure security

 

To provide a high level of security, in addition to other security controls, Bizagi Cloud Platform relies on network isolation measures and security components such as:

 

Application Gateway

WAF

Firewall

Network Intrusion Detection System (IDS)

Virtual Private Network (VPN)

Whitelist

 

Malware protection

 

Bizagi follows a malicious software detection and prevention process to maintain a secure environment for Bizagi Cloud Platform customers, including the timely application of patches, fixes, and updates to services and applications. Bizagi enforces Change Management and Vulnerability Management policies.

Data Security

 

To provide a higher level of data security, in addition to other security controls, Bizagi Cloud Platform encrypts data both at rest and in transit.

 

Data encryption in transit (TLS)

Data encryption at rest (TDE)

 

Risk Assessment and Vulnerability Management

 

Bizagi follows a risk management methodology. The purpose of this methodology is to establish guidelines for information security and privacy risk analysis and management. Bizagi performs:

 

Vulnerability Scanning.

Internal penetration tests are performed for each update.

An external penetration test is performed at least once a year.

 

Penetration tests meet the OWASP and OSSTMM standards.

 

Logging and Continuous Monitoring

 

Monitoring and logging are in place for Bizagi Cloud Platform services, applications, systems, data repositories, middleware and applicable infrastructure in general.

Logs are analyzed for anomalous behavior, and the service as a whole is monitored, so staff are alerted to any anomaly.

 

Bizagi conducts 24x7 monitoring on the services and underlying technology of Bizagi Cloud Platform.

Monitoring of the Bizagi Cloud Platform availability, resource consumption and performance.

 

Business Continuity and Operational Resilience

 

Bizagi performs different types of backups of the production environment database.

Bizagi Cloud Platform relies on Azure Availability zones to protect the service and customer data from data center failures.

Reliability is designed for all underlying services of Bizagi Cloud Platform and especially enforced through a highly available storage layer.

To increase the reliability of Automation Service, Bizagi offers Disaster Recovery (DR) services.

 

See: Reliability

Regulatory compliance

 

Bizagi is compliant with global regulations.

 

Bizagi is HIPAA compliant.

Bizagi is GDPR compliant.

Bizagi is FedRAMP authorized.

Bizagi is ISO 27001 certified.

 

 

Additional information

For in-depth details, please refer to Security and compliance.