Planview security
Planview adopts a culture of security because we understand that the security of our customer’s data is everyone’s responsibility and holds confidentiality of customer information as its highest priority.
Monitoring, Testing, and Authentication
Security Logging and Monitoring
Planview products benefit from in-depth, real-time 24×7 security logging and monitoring utilizing industry standard tools. Planview’s dedicated monitoring and response staff continually review potential threats, alerts, and anomalies and coordinates remediation efforts.
Security Testing
Planview products undergo continuous assessments performed by internal staff and external partners ensuring the application remains secure in today’s security climate. Planview ensures its products undergo, at minimum, annual penetration testing by it’s independent, 3rd party partners.
Vulnerabilities are assessed and reviewed by security staff with remediation baked into Planview’s development lifecycle. SLAs are outlined in Planview’s subscription service agreement.
Authentication
Planview products support single sign-on (SSO) and utilizes SAML and active directory federation service for its enterprise clients. Multi-factor authentication can be enabled for and additional layer of security.
Environment
System Status
System availability is monitored by multiple third-party applications and / or services. This information is published on the publicly facing Planview status website.
Permissions Management
Planview products enables customizable and flexible options to customers in how role-based access to each of the products is managed.
Locations and Redundancy
Planview uses SOC2 Type 2 attested and audited co-location facilities around the globe, which provide around-the-clock physical security and top-notch environmental protection including comprehensive identification systems, automatic fire protection, redundant climate control, and fail-over power supply. Planview’s geo-diverse network infrastructure is designed with redundancy and maximum availability for each of its products. Operation-critical components, including network, web, application, and database servers have been deployed and configured to maintain data integrity and availability in the event of failure.
Data
Disaster Recovery and Business Continuity
Critical servers and applications are duplicated at our appropriate disaster recovery site locations which, in the event of a major disruption or disaster, facilitates business continuity. If one of the locations fails, the second site is configured to take over all production tasks to minimize service disruption or capacity loss. In the event of a major disruption or disaster, an emergency response team of selected Planview staff is summoned to activate the disaster recovery plan. Disaster Recovery exercises are performed, at minimum, annually.
Additionally, a Business Continuity Plan tabletop exercise is performed annually by a trusted, independent 3rd party.
Planview’s technical and organizational measures subject to processing personal data