Planview adopts a culture of security because we understand that the security of our customer’s data is everyone’s responsibility.
Planview utilizes a risk-based information security management system incorporating a defense-in-depth strategy with preventative and detective controls at each of the layers customer data is stored, processed or transmitted.
- Security and Privacy by Design
- – With each step of the process to build and improve our products, Planview considers the impact to the security and privacy of customer data.
- Tested and Tested Again
- – Planview understands that the only way to ensure security controls are operating effectively is to test them. Planview’s internal security team regularly performs penetration tests and vulnerability scans. Just to be sure, Planview also engages with a third party to perform regular penetration testing against its products. Finally, Planview collaborates with customers who want to perform their own penetration testing.
- Restricted Access
- – Planview tightly controls access to environments where customer data is processed or stored. This includes the use of strict password parameters, role based access permissions (least privilege), and multi-factor authentication.
- – Customer data is encrypted in transit using the Transport Layer Security (TLS) protocol and when stored using the Advanced Encryption Standard (AES) algorithm.
- Disciplined Security
- – Planview’s information security management system is built around the ISO 27001 standard. This ensures a structured approach to managing every aspect of security from the network edge to the database where customer data is securely stored.
- Security Operations
- – From penetration testing to incident response, Planview’s dedicated team of information security professionals have decades of experience securing customer data.
- Endpoint Security
- – Planview utilizes market leading endpoint security solutions to provide heuristic based analysis of files and activity to prevent attacks even when attackers use files that don’t match known signatures.