• A Formalized Cybersecurity Program and Strategy – Planview’s Cybersecurity Mission Statement: Deliver and maintain a “World-Class” cybersecurity program aligned to Planview’s threat landscape that best protects customer and Planview data, our systems, and our reputation. Our strategic cybersecurity program covers both Planview product security as well as Internal Corporate Security. The program includes strategic pillars, security roadmaps, security metrics, and periodic updates to executive stakeholders and independent auditing companies.

  • Multiple Lines of Defense – Planview understands that the only way to ensure our application security and protection of customer data is at an acceptable level is to approach security testing with multiple lines of defense for Planview SaaS applications as well supporting infrastructure and processes. Our lines of defense include: internal corporate security testing, product application security testing, 3rd party vendor penetration testing, Internal Audit, and external ISO and SOCII auditing firms.

  • Defense-in-Depth Security Model – Planview manages technical security model is based on industry best practices for paramount protection against the most from relevant threats. We leverage a defense-in-depth strategy with preventative and detective controls at each layer customer data is stored, processed or transmitted. Multiple security layers work together to provide superlative protective measures for systems and data.

Product security

  • Security and privacy by design – Planview takes a strong position of embedding information security and privacy in the early stages of new and existing product initiatives in order to ensure risk management is embedded early rather than a post consideration. With each step of the process to build and improve our products, Planview considers the impact to the security and privacy of customer data and embeds security best practices to prevent introducing new risks.

  • Protection of Customer Data – Protection of Customer data is achieved by encryption, access controls, and preventing data on ports and services. Customer data is encrypted in transit using the Transport Layer Security (TLS) protocol and when stored using the Advanced Encryption Standard (AES) algorithm. Encryption is not the only control that is essential to protecting customer data. Multiple controls are in place to prevent unauthorized access to data including: stringent access controls, network segmentation secure password parameters, role-based access permissions (least privilege), and multi-factor authentication.

  • Planview Enterprise One Security Details

    See how Enterprise One ensures data is kept secure and private.

    Review the details
  • Planview PPM Pro Security Details

    See how PPM Pro ensures data is kept secure and private.

    Review the details
  • Planview Projectplace Security Details

    See how Projectplace ensures data is kept secure and private.

    Review the details
  • Planview LeanKit Security Details

    See how LeanKit ensures data is kept secure and private.

    Review the details
  • Planview Spigit Security Details

    See how Spigit ensures data is kept secure and private.

    Review the details

Internal corporate security

  • A best practices approach to security – Planview’s information security program is based on NIST CSF and ISO 27001 standards to provide international alignment of our security control enviroment. This ensures a structured approach to managing every aspect of security internally including cloud servers, datacenters, networks and end user security.

  • An experienced security team – The Information Risk Management (IRM) team includes decades of experience in cybersecurity and risk management oversight ranging from penetration testing, security threat research, global security methodologies, incident response and audit managment. Planview’s dedicated team of information security professionals have decades of experience securing customer data, global consultant experience for Fortune 500 companies as well as in depth security startup experience .

  • Protection in place – Planview utilizes market leading security solutions to provide heuristic based analysis of files and activity to prevent attacks even when attackers use files that don’t match known signatures. This ensures that Planview is protected against zero-day and advanced unknown attack types. Security protection controls are in place for end points (workstations and servers) as well as infrastructure, databases, authentication systems and perimeter devices. Two-Factor authentication and anticpoofing systems are in place to prevent unauthorized access to accounts.

Questions? Get in touch with us.

We want to hear from you. Contact Planview’s security team to get the answers.

Email security team