Delinea Trust Center
Why you can be confident we’ve got you covered.
Security is built into our bones
Delinea’s privileged access management solutions are built with security as a foundation from the start. We strictly adhere to industry best practices such as the NIST Cybersecurity Framework. And we make sure rigorous security testing is performed as a critical component of our software development processes, along with continuous Quality Assurance checks.
Our cybersecurity defense measures cover all the bases. That includes intrusion detection, distributed denial-of-service (DDoS) attack prevention, penetration testing, behavioral analytics, anomaly detection, machine learning, and a 24x7x365 state-of-the-art Security Operations Center. We also monitor and protect against the most critical web application security risks: SQL injection, cross-site scripting, OWASP Top 10 and Automated Top 20 threats. And our threat data is continuously updated to protect against the latest threats and zero-day attacks.
Encryption assured for data in-transit and at-rest
All customer data is fully isolated and encrypted both in-transit and at rest, using the AES-256 standard encryption algorithm and PBKDF2-HMAC-SHA256 hashing algorithm. Delinea uses private encryption keys for each customer, with third-party key management support (AWS KMS). All secrets are systematically “salted” before being hashed and encrypted with their own unique Initialization Vector and Key.
All connections to Delinea cloud services are protected via Transport Layer Security (TLS). Distributed Engine communications are also secured with an additional encryption key unique to each tenant.
We see success as creating a world where users feel both free and secure.
Certified compliance with global best practices
Delinea solutions help our customers keep moving forward by assuring compliance within a wide range of cybersecurity and data protection regulations. They encompass those shown here as well as HIPAA, PCI, and industry-specific and regional requirements.
SOC 2 Type II
We maintain and have successfully completed independent audits against the rigorous SOC 2 Type II standard and achieved compliance, a prestigious accomplishment showcasing our longstanding commitment to securing customer data. Information security is far-reaching and ingrained into our culture, and is evident from the design of the service and infrastructure to the processes and people. Furthermore, achieving compliance demonstrates our dedication to both SOC 2's existing high security standards and our ability to raise the bar and adapt to the changing information security climate quickly and effectively.
Common Criteria (ISO/IEC 15408) Certified
Delinea's product, Secret Server, is Common Criteria Certified in the United States and Canada and meets requirements for government use of IT security products.
EU/US Privacy Shield
Certified under the EU-U.S. Privacy Shield framework. Developed by the U.S. Department of Commerce and European Commission, this framework provides companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
Delinea adheres to the NIST Cybersecurity Framework from the National Institute of Standards and Technology (NIST). The Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) was developed in response to U.S. Executive Order 13636. Created through collaboration between government and the private sector, this framework uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses. Our alignment of security controls with the NIST Cybersecurity Framework’s Core is regularly tested as part of the periodic SOC 2 Type 2 report.
Delinea solutions comply with the European Union's General Data Protection Regulation (GDPR). It is focused on ensuring that any nation state, organization, or company dealing with European citizens’ personally identifiable information is obliged to comply with this regulation.
Certified for ISO 27001, a globally recognized standard mandating numerous controls for the establishment, maintenance, and certification of an information security management system (ISMS). The ISO standard ensures that we have established methodologies and a framework for business and IT processes to help identify, manage, and reduce risks to the security of information.
Registered with the Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (CSA STAR). CSA STAR is one of the industry’s most extensive programs for security assurance in the cloud. It encompasses key principles of transparency, rigorous auditing, and harmonization of standards, helping customers and potential customers to assess the security level of cloud offerings.
We support our customers’ compliance needs for processing covered by the California Consumer Privacy Act of 2018 (the “CCPA”). To confirm applicable aspects of the CCPA in connection with Customer’s use of the Services, Delinea provides this Compliance Statement.
We achieved Agency Authorization for the U.S. Government's Federal Risk and Authorization Management Program (FedRAMP) for the Privileged Access Service (PAS) at a Moderate Impact Level in 2019 and have maintained the FedRAMP controls. FedRAMP enables government agencies to adopt our audited cloud-ready solutions and bolster mission security as they migrate an increasing number of workloads to the cloud. Check out the FedRAMP Marketplace listing for more details.