YOUR DATA IS
SECURE & PROTECTED.
From restricting physical access to our datacenter to the security of the service layer itself, Samanage takes as many security measures as necessary to ensure that your information is protected. This includes the selection of data centers — you decide on either the US or EU data center.
Certifications and Accreditations
Reports on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality and Privacy.
Samanage is ISO 27001 certified for internationally recognized information security management system (ISMS) best practices & required data security processes.
Samanage has been certified by TRUSTe for its data privacy practices and complies with the highest standards for protecting your personal information.
US-EU Privacy Shield
Samanage has been certified by the US-EU Privacy Shield Framework for being in compliance with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
Skyhigh Enterprise-Ready cloud services fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.
Samanage is a member of the Better Business Bureau, and commits to adhere to the BBB Code of Business Practices, including its online standard.
Your trust means everything to us.
We believe in being completely transparent about everything we do
including our data security, service protection, and availability metrics.
Samanage servers are hosted with Amazon Web Services (AWS) in the USA and the European Union, a secured, durable technology platform with industry-recognized certifications and audits including PCI DSS Level 1, ISO 27001, FISMA Moderate, FedRAMP, HIPAA, and SOC 1 (formerly referred to as SAS 70 and/or SSAE 16) and SOC 2 audit reports. The data center is protected by highly-trained security guards 24/7 and physical access to the Samanage servers is restricted to authorized personnel only. Our network is protected by an extensive network and security monitoring systems. For more information on our data security, please see the FAQ page.
All information sent to and from Samanage is encrypted with 2048-bit SSL encryption, the same security used by banks and e-commerce sites to protect their services. This means that all communication between your computers and our servers is encrypted and that your session is protected. You can verify this by checking the lock icon in your browser. All data is encrypted in transfer and all access to our service is governed by strict password security policies. In addition, all passwords are stored in MD5 hash format, which means they can not be reversed to the original password and are not readable. Furthermore, all data is also encrypted at rest using the industry-standard AES-256 algorithm this also includes any and all attachments included. For more information on our data security, please see the FAQ page.
Configured versioning saves multiple versions of all changes made to your files. This guarantees that data is always retained and easily restored. Additionally, we have a copy of all data at all times, and store a clone of static data on our servers. You will have access to all of this data, even if you decide to leave us. For more information on our data security, please see the FAQ page.
Accountability and Reliability
We’re in it for the long haul: when you’re using Samanage our door is always open and we are always here to provide support, hear your feedback and constantly upgrade your service with new features and tools. If you run into problems, we’re here to solve them ASAP. If you have any needs or questions, we’re here to listen and address them.
Disaster Recovery Program
We have designed a full disaster recovery program to allow us to operate the Samanage service without losing any of our customers’ data. Built using Amazon EC2 and S3 infrastructure services as our secondary data center, our backups are transmitted to the Amazon data center every night so we can operate the Samanage service using the Amazon infrastructure if needed.
We understand how important it is that the Samanage IT Asset Management agents that you deploy to your computers are safe and secure. The Samanage agent operates like any other software that runs in your network and connects to a server through the Internet (such as your anti-virus protection or even Adobe Acrobat Reader). The agent connects only to the Samanage server, and no communication is initiated with other destinations. In addition, the agent does not receive requests from any device or server, internal or external to your network – it only initiates requests. Furthermore all data transport is encrypted. This approach ensures that no other service can exploit the agent.
HIPAA and HITECH
In 2014, Samanage announced its ability to support the HIPAA and HITECH regulations, as well as the ability to sign HIPAA Business Associate Agreements (BAAs) with customers. Samanage is one of the few cloud-based application providers that signs HIPAA Business Associate Agreements (BAAs), demonstrating our ongoing investment in enterprise security, compliance and control for our customers. Read the Samanage HIPAA Statement. For additional HIPAA compliance process information, click here.
General Data Protection Regulations (GDPR)
Effective May 25, 2018, the General Data Protection Regulations (GDPR) apply to any organization that processes or handles data for citizens residing in the European Union. Unlike many cloud-based SaaS companies that rely on third-parties like AWS to ensure data security compliance, we pride ourselves on our extensive security certifications and accreditations. While the GDPR is only legally binding for data pertaining to EU citizens, we feel strongly that no matter where a person resides, their data privacy should be protected. Rest assured that your organization’s employee data is safe with us since we are GDPR compliant. For more information about GDPR and Data Security in ITSM, please see the Samanage blog.