Enterprise-level Security

Trust Scaled Agile, Inc. to meet your security and data compliance requirements

Our comprehensive approach to security covers governance, risk management, and compliance for infrastructure, applications, and data. This includes encryption at rest, logical segregation and privacy, SSLv3/TLS encryption, multi-factor authentication, secure data backups and storage, administrative access control, security testing, and session monitoring and logging.

Our Security Standards

Enterprise Security

Our enterprise security program addresses security concerns at all layers of the security stack.

Infrastructure security

SAFe® applications leverage best-in-class service providers to ensure your data remains private, available, and secure. Our applications are built on Salesforce and Amazon Web Services (AWS) infrastructures, which maintain over 143 security standards and certifications such as PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171.

Penetration testing

Scaled Agile conducts penetration testing for all its applications on an annual basis. Testing is carried out by an independent third-party testing partner and is certified by an Offensive Security Certified Professional (OSCP).

Access controls

Scaled Agile provides each user in your organization with a unique username and password that must be entered each time a user logs in. MFA is available for your users should you choose to configure it. Only a customer-designated administrator has the authority to manage login accounts under the customer’s subscription.

Data Protection

Trust Scaled Agile to meet your security and data compliance requirements.

Encryption

Scaled Agile protects sensitive information using FIPS 140-2 compliant encryption methods to ensure that your data is safe, secure, and available only to registered users in your organization. All connections to SAFe services require TLS encryption, and data at rest is encrypted at the platform or field level.

Least privilege

Scaled Agile adheres to the principle of least privilege in its application environments: employees are only authorized to access data that they reasonably must handle in order to fulfill their current job responsibilities.

Excessive privilege audits are conducted to minimize the risk of unnecessary access to customer data.

Security by design

Our security model follows SSDLC best practices to ensure security and privacy of customer data are considered as part of the software development lifecycle, not as an afterthought.

Resilience

Scaled Agile is committed to providing high availability, even amidst difficult circumstances.

Incident response

All employees and contractors complete initial and ongoing security and privacy awareness training to help minimize the risk of security incidents and data breaches. Scaled Agile retains 24×7 third-party incident response experts and maintains formal IR procedures that are tested annually to ensure that our organization is well-prepared to address potential security incidents.

Contingency planning

Scaled Agile conducts annual disaster recovery and business continuity planning exercises to ensure that organizational functions can continue to operate during a declared disaster. Whether it is a manmade or natural disaster causing interruptions, Scaled Agile is committed to providing continuous service to our customers.

Backup and recovery

Backups of all customer data occur at least daily and are stored in an immutable format independent of production environments. The Scaled Agile backup and recovery program ensures that backups are tested for integrity and availability so you can be confident your data can be restored in the event of corruption or loss.

Learn More

Still want to know more about our security program? Reach out to us, and we’ll connect you with our information security team.

Monitoring and logging

Scaled Agile continuously monitors and logs all security information related to application usage to support incident response, troubleshooting, and customer compliance requirements.

Privacy Notice and Policy

Learn how we collect and use data at Scaled Agile by viewing our Privacy Notice and Policy.

Enterprise sub-processors

Scaled Agile vets and monitors all data sub-processors to ensure that your data is protected no matter where it goes. You can view a comprehensive list of our approved sub-processors here.

Our Commitment to Security and Privacy

SAFe Enterprise

SAFe Enterprise is a system of knowledge, tools, and practices essential to successfully scale Agile across the enterprise. SAFe Enterprise bundles the critical components of learning, adapting, and practicing SAFe into a single platform, accessible to leaders and teams anytime, anywhere. With SAFe Enterprise, organizations now have the tools they need to start an Agile transformation, put SAFe to work every day, and make the transformation stick.
