(click-through NDA required)
(click-through NDA required)
The California Consumer Privacy Act (CCPA) regulates how Ivanti handles personal information of California residents and gives certain rights with respect to their personal information.
Our Special Notice to California Residents is a supplement to our Privacy Policy and applies to information we collect in our role as a business.
If you have more questions about how Ivanti meets CCPA requirements, please reach out to privacy@ivanti.com.
The General Data Protection Regulation (GDPR) gives EU individuals more freedom to say how their personal data is handled and creates an opportunity for Ivanti to better serve our customers and reaffirm that we are dedicated to data protection.
Ivanti’s GDPR Compliance Statement is available here. If you have more questions about how Ivanti meets GDPR requirements, please reach out to privacy@ivanti.com.
The Information Commissioner’s Office is “responsible for upholding information rights in the interest of the public for the United Kingdom. The Data Protection Regulations 2018 requires organizations who process personal information to register with the Information Commissioner’s Office.
You may view Ivanti’s ICO registration here.
You may view MobileIron’s ICO registration here.
You may view Cherwell’s ICO registration here.
You may view Pulse Secure’s ICO registration here.
As technology continues to evolve and data transmissions occur on a global basis, data privacy has become one of the most important aspects of business today. Click here to discover how Ivanti handles data sovereignty as well as how the company meets specific European Data Privacy regulations.
Service Organization Control 2 (SOC 2) helps businesses attest that they provide non-financial reporting controls that meet certain levels of service related to the security, availability, processing integrity, confidentiality, and privacy of a system.
For Ivanti, The Cadence Group conducted this attestation of compliance. The attestation report describes Ivanti’s Cloud Service Platform (CSP), assesses the fairness of the CSP’s description of its controls, and evaluates whether the controls are appropriately designed and operating effectively over the specified assessment period.
Ivanti Service Manager’s most recent SOC 2 Type 2 audit occurred in October of 2020. Ivanti Cloud completed the SOC 2 Type 1 audit in April 2020. Click here to request a copy of the SOC 2 Report.
ISO/IEC 27001:2013
The ISO and IEC provide standards that help customers deploy and automate IT solutions with processes that align with ITIL.
ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls. The basis of this certification is the development and implementation of a suitable Information Security Management System (ISMS), which defines how Ivanti manages security and data protection. The certification process verifies that Ivanti does the following:
Ivanti Service Manager has been found in compliance with the standards outlined by the ISO and IEC, as stated in the audit plan. Click here to view a copy of Ivanti’s 27001:2013
Ivanti Service Manager has received an official FedRAMP Authorized designation!
The Federal Risk and Authorization Management Program (FedRAMP) is a United States Government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based services. Ivanti’s ATO (authority to operate) designation can be found on the FedRAMP Marketplace.
You can view our press release for more information here.
Authorization to Operate (ATO) is the security approval required to launch a new IT system in the federal government. Government agencies determine whether to grant an information system authorization to operate for a period of time by evaluating if the security risk is acceptable.
Ivanti has received ATOs from the Air Force, Army, Department of Defense (DoD), Defense Health Agency (DHA), Department of Homeland Security (DHS), National Guard, Navy, Pacific Air Forces (PACAF), United States Special Operations Command (SOCOM), and U.S Strategic Command (STRATCOM).
As of 2014, the United Kingdom has required suppliers that handle certain kinds sensitive and personal information for the central UK government to obtain Cybersecurity Essentials certification. This certification assures customers that Ivanti has an understanding of our cyber security level that we work to secure our IT against cyber attack.
You can download our current certification here or search the NCSC site for Ivanti here.
Section 508 standards are the technical requirements and criteria used to measure conformance to the U.S. Rehabilitation Act. This federal law requires agencies and companies to provide individuals with disabilities equal access to electronic information and data comparable to those who do not have disabilities. More information on Section 508 can be found at Section508.gov.
The following Ivanti products have been deemed 508 compliant through self-attestation:
As of 2014, the United Kingdom has required suppliers that handle certain kinds sensitive and personal information for the central UK government to obtain Cybersecurity Essentials certification. This certification assures customers that Ivanti has an understanding of our cyber security level that we work to secure our IT against cyber attack.
You can download our current certification here or search the NCSC site for Ivanti here.
Using a comprehensive set of questions (content library), the SIG gathers information to determine how security risks are managed across 18 risk control areas, or “domains”, within a service provider’s environment. The library houses comprehensive risk and cybersecurity frameworks as well as industry-specific controls.
Ivanti’s SIG Lite is scoped to the corporate level with designations for on-premise or hosted products and is available here.
Listed below are Ivanti’s current public facing whitepapers:
Internal tests are conducted by Ivanti's Security team. This are usually run on an as-needed basis. The findings from these scans are shared with the relative development teams to get the vulnerabilities fixed, and the fixes released in product updates.
Independent 3rd party tests are conducted on our products on a regular basis. After testing completes, Ivanti is provided with two reports. One report is shared with the relative development teams to get the vulnerabilities fixed, and the fixes released in product updates. The second report is the summary letter that we are able to share with customers.
Click on the product below to view its penetration letter:
Endpoint Manager Core Server Hardening forum.
Endpoint Manager Core Services Application Hardening Guide
Ivanti Service Manager has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti Neurons has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti’s Asset Manager solution has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti’s Endpoint Manager solution has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti’s Licence Optimizer has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti’s Service Desk has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti Security Controls solution has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti’s Patch for SCCM solution has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti’s Application Control solution has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti’s File Director has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti’s Xtraction solution has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti’s Device Application Control solution has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti’s Workspace Control solution has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti’s Performance Manager and Environment Manager solution has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here and here.
Ivanti’s Identity Director solution has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti’s Endpoint Security solution has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.
Ivanti’s Avalanche solution has the following Security and Compliance certifications and resources available for public consumption:
For additional product information, please click here.