10 Feb 2023 07:39 AM - last edited on 14 Feb 2023 11:38 AM by Radoslaw_Szulgo
Where can I find answers to Dynatrace on SaaS security and privacy questions?
I'm interested in technical documentation showing security measures that the vendor has implemented in the provided solution. Including but not limited to:
• Data stored / processed / transmitted by the solution
• Role Based Access Control and permissions available to the customer
• API Security (encryption, key storage, rate limiting, IP allow-listing)
• Encryption at rest and in transit
• Access to encryption keys • Malware protection
• Permissions needed in case of integrations • SSO functionality
• Latest ISO 27001 certification and Statement of Applicability.
• Latest SOC 2 Type II audit report.
• Internal security policies of the vendor covering following areas: Asset Management, Change control and management, Encryption and Key Management, Endpoint Security, Human Resources, Identity and Access Management, Incident Response, Infrastructure Security, Network Security, Risk Management, Secure Software Development Life Cycle, Security Program, Supply Chain Management, Threat and vulnerability management.
• Latest Penetration Test report showing identified vulnerabilities, risk levels, and statuses (fixed or not fixed); if there are unfixed vulnerabilities -> explanation from the vendor and timeline of addressing vulnerabilities.
Solved! Go to Solution.
14 Feb 2023 11:40 AM
Software that works perfectly is software that’s adequately secured. So, from start to finish, product to practice, we build the most robust possible security and controls into everything we do. The best step to start is to visit our Trust Center: https://www.dynatrace.com/company/trust-center/security/
For details, I recommend contacting us personally, as some information might only be available under a signed NDA.