Bizagi Cloud Platform's security features comply with the latest industry standards for data security and privacy.
Bizagi implements service controls for data security, availability, processing integrity, and confidentiality while enforcing policies and processes to guarantee a robust security initiative for Bizagi as your service provider.
Bizagi Cloud Platform Security
Managing Access to Information
Studio Collaboration Services offers a collaborative environment where you and your co-workers can work simultaneously on the same project. If you have several processes in your project, you might need to restrict access to some resources to prevent other users from modifying objects in ways that affect other processes.
Bizagi implements security controls and measures for data integrity, confidentiality and availability aligned to leading information security standards and frameworks such as ISO 27001, NIST and FedRAMP.
•Access controls and Authentication
•Audit and Accountability
•Change Control and Configuration Management
•Role-based access control model
•Secure Software Development process
Network and infrastructure security
To provide a high level of security, in addition to other security controls, Bizagi Cloud Platform relies on network isolation measures and security components such as:
•Network Intrusion Detection System (IDS)
•Virtual Private Network (VPN)
Bizagi follows a malicious software detection and prevention process to maintain a secure environment for Bizagi Cloud Platform customers, including the timely application of patches, fixes, and updates to services and applications. Bizagi enforces Change Management and Vulnerability Management policies.
To provide a higher data security level, as well as other security controls, Bizagi Cloud Platform features data encryption for data both at rest and in transit.
•Data encryption in transit (TLS)
•Data encryption at rest (TDE)
Risk Assessment and Vulnerability Management
Bizagi follows a risk management methodology. The purpose of this methodology is to establish guidelines for information security and privacy risk analysis and management. Bizagi performs:
•Internal penetration tests for each update.
•An external penetration test at least once a year.
Penetration tests meet the OWASP and OSSTMM standards.
Logging and Continuous Monitoring
Monitoring and logging are in place for Bizagi Cloud Platform services, applications, systems, data repositories, middleware, and applicable infrastructure in general.
Logs are analyzed for anomalous behavior, and the service as a whole is monitored so that staff are alerted about any anomaly.
•Bizagi conducts 24x7 monitoring on the services and underlying technology of Bizagi Cloud Platform.
•Monitoring of the Bizagi Cloud Platform availability, resource consumption and performance.
Business Continuity and Operational Resilience
•Bizagi performs different types of backups of the production environment database.
•Bizagi Cloud Platform relies on Azure Availability zones to protect the service and customer data from data center failures.
•Reliability is designed for all underlying services of Bizagi Cloud Platform and especially enforced through a highly available storage layer.
Bizagi is compliant with global regulations.
•Bizagi is HIPAA compliant.
•Bizagi is GDPR compliant.
•Bizagi is FedRAMP authorized.
•Bizagi is ISO 27001 certified.
For in-depth details, please refer to Security and compliance.