Tripwire is committed to providing secure products and services. We believe appropriate security measures are critical to a company’s longevity, financial success, and customer satisfaction. This document outlines Tripwire’s practices and commitments to comprehensive security and privacy procedures to safeguard Tripwire SaaS solutions.
This document describes the administrative, technical, and physical controls applicable to Tripwire SaaS solutions (the “Service”). This document does not apply to any other product or service offered by Tripwire. For more information regarding information security standards applicable to Personal Data and Customer Data processed by Tripwire SaaS solutions, please see the Tripwire Data Processing Addendum, available at www.tripwire.com/terms/.
Data Access Control
Data segregation occurs such that each customer is logically separated within the service, and logical segregation is built into the architecture. Additionally, technical and organizational measures are in place to ensure that employees authorized to access Customer Data gain access only to such Customer Data in accordance with their access rights, and that Customer Data cannot be read, copied, modified or deleted without authorization, including:
- Documented policies, procedures and training regarding access, use, change and deletion of Customer Data
- Differentiated access rights (profiles, roles, transactions and objects)
- Monitoring and logging of access, and retention of logs
- Maintaining reports of access
- Maintaining a security awareness program to train personnel about their security obligations, including training about data classification obligations, physical security controls, security practices, and Security Incident reporting
- Taking disciplinary action against employees who access Customer Data without authorization
Security Management
Tripwire’s SaaS solutions are guided by industry standards such as the PCI DSS, CIS Critical Security Controls, and the Cloud Security Alliance recommendations. The Service undergoes an annual SOC 2 Type II audit and a report can be supplied upon request.
Tripwire’s Security Management processes include, but are not limited to:
- A Secure Software Development Lifecycle
- Vulnerability Management
- Secure Configuration Management
- Logging and Log Management
- Access Controls and Access Management
- Change Management
- End-to-end encryption for data in transit and at rest
- Security Incident Response Management