Enterprise-level Security
Trust Scaled Agile, Inc. to meet your security and data compliance requirements
Our comprehensive approach to security covers governance, risk management, and compliance for infrastructure, applications, and data. This includes encryption at rest, logical segregation and privacy, SSLv3/TLS encryption, multi-factor authentication, secure data backups and storage, administrative access control, security testing, and session monitoring and logging.
Explore our Trust Center for in-depth insights on data management, security, and compliance.
Our Security Standards
Enterprise Security
Our enterprise security program addresses security concerns at all layers of the security stack.
Infrastructure security
SAFe® applications leverage best-in-class service providers to ensure your data remains private, available, and secure. Our applications are built on Salesforce and Amazon Web Services (AWS) infrastructure, which maintain compliance with over 143 security standards such as PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171.
Single Sign On (SSO)
You can choose to configure enterprise SSO for authentication to ensure secure, centralized control and efficient access to SAFe’s digital properties. We integrate with most major identity providers, including Microsoft/Azure/ O365, Okta, JumpCloud, and Duo Security.
Access controls
Scaled Agile provides each user in your organization with a unique username and password that must be entered each time a user logs in. Only a customer-designated administrator has the authority to manage login accounts under the customer’s subscription. You can choose to configure enterprise SSO in order to support additional controls such as MFA and centralized identity management.
SOC 2 Type 2 Compliant
SOC is a standard developed by the AICPA for reporting on security controls at service organizations. Scaled Agile is SOC 2® compliant, demonstrating independent verification of the security measures that protect sensitive data in our product environments.
Data Protection
Trust Scaled Agile to meet your security and data compliance requirements.
Encryption
Scaled Agile protects sensitive information using FIPS 140-2 compliant encryption methods to ensure that your data is safe, secure, and available only to registered users in your organization. All connections to SAFe services require TLS encryption, and data at rest is encrypted at the platform or field level.
Least privilege
Scaled Agile adheres to the principle of least privilege in its application environments: employees are only authorized to access data that they reasonably must handle in order to fulfill their current job responsibilities.
Excessive privilege audits are conducted to minimize the risk of unnecessary access to customer data.
Security by design
Our security model follows SSDLC best practices to ensure security and privacy of customer data are considered as part of the software development lifecycle, not as an afterthought.
Resilience
Scaled Agile is committed to providing high availability, even amidst difficult circumstances.
Incident response
All employees and contractors complete initial and ongoing security and privacy awareness training to help minimize the risk of security incidents and data breaches. Scaled Agile retains 24×7 third-party incident response experts and maintains formal IR procedures that are tested annually to ensure that our organization is well-prepared to address potential security incidents.
Contingency planning
Scaled Agile conducts annual disaster recovery and business continuity planning exercises to ensure that organizational functions can continue to operate during a declared disaster. Whether it is a manmade or natural disaster causing interruptions, Scaled Agile is committed to providing continuous service to our customers.
Backup and recovery
Backups of all customer data occur at least daily and are stored in an immutable format independent of production environments. The Scaled Agile backup and recovery program ensures that backups are tested for integrity and availability so you can be confident your data can be restored in the event of corruption or loss.
Learn More
Still want to know more about our security program? Reach out to us, and we’ll connect you with our information security team.
Monitoring and logging
Scaled Agile continuously monitors and logs all security information related to application usage to support incident response, troubleshooting, and customer compliance requirements.
Privacy Notice and Policy
Learn how we collect and use data at Scaled Agile by viewing our Privacy Notice and Policy.
Enterprise sub-processors
Scaled Agile vets and monitors all data sub-processors to ensure that your data is protected no matter where it goes. You can view a comprehensive list of our approved sub-processors here.
SAFe Enterprise
SAFe Enterprise is a system of knowledge, tools, and practices essential to successfully scale Agile across the enterprise. SAFe Enterprise bundles the critical components of learning, adapting, and practicing SAFe into a single platform, accessible to leaders and teams anytime, anywhere. With SAFe Enterprise, organizations now have the tools they need to start an Agile transformation, put SAFe to work every day, and make the transformation stick.
Back to: About Scaled Agile
For over a decade, the Scaled Agile Framework® (SAFe®) has been the world’s leading framework for business agility. Today, SAFe is in its fifth iteration and has been adopted by more than 20,000 enterprises across the globe.
Next to: SAFe Enterprise
SAFe Enterprise bundles the critical components Scale Agile adoption, improve collaboration, measure progress, and engage employees with day-to-day agility.