Security & Compliance

Ivanti Public Security Profile

Ivanti Security Profile

MobileIron Security Profile

Cherwell Security Profile

Privacy Compliance

CCPA

The California Consumer Privacy Act (CCPA) regulates how Ivanti handles personal information of California residents and gives certain rights with respect to their personal information.

Our Special Notice to California Residents is a supplement to our Privacy Policy and applies to information we collect in our role as a business.

If you have more questions about how Ivanti meets CCPA requirements, please reach out to [email protected].

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) gives EU individuals more freedom to say how their personal data is handled and creates an opportunity for Ivanti to better serve our customers and reaffirm that we are dedicated to data protection.

Ivanti’s GDPR Compliance Statement is available here. If you have more questions about how Ivanti meets GDPR requirements, please reach out to [email protected].

Information Comissioner's Office

The Information Commissioner’s Office is “responsible for upholding information rights in the interest of the public for the United Kingdom. The Data Protection Regulations 2018 requires organizations who process personal information to register with the Information Commissioner’s Office.

You may view Ivanti’s ICO registration here.

You may view MobileIron’s ICO registration here.

You may view Cherwell’s ICO registration here.

You may view Pulse Secure’s ICO registration here.

Data Sovereignty

As technology continues to evolve and data transmissions occur on a global basis, data privacy has become one of the most important aspects of business today. Click here to discover how Ivanti handles data sovereignty as well as how the company meets specific European Data Privacy regulations.

Certifications & Attestations

Service Organization Control 2 AICPA SOC 2 logo

Service Organization Control 2 (SOC 2) helps businesses attest that they provide non-financial reporting controls that meet certain levels of service related to the security, availability, processing integrity, confidentiality, and privacy of a system.

For Ivanti, The Cadence Group conducted this attestation of compliance. The attestation report describes Ivanti’s Cloud Service Platform (CSP), assesses the fairness of the CSP’s description of its controls, and evaluates whether the controls are appropriately designed and operating effectively over the specified assessment period.

Ivanti Service Manager’s most recent SOC 2 Type 2 audit occurred in October of 2020. Ivanti Cloud completed the SOC 2 Type 1 audit in April 2020. Click here to request a copy of the SOC 2 Report.

International Organization for Standardization (ISO) ISO logo & International Electrotechnical Commission (IEC) IEC logo

ISO/IEC 27001:2013

The ISO and IEC provide standards that help customers deploy and automate IT solutions with processes that align with ITIL.

ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls. The basis of this certification is the development and implementation of a suitable Information Security Management System (ISMS), which defines how Ivanti manages security and data protection. The certification process verifies that Ivanti does the following:

  • Evaluates the information security risks of the cloud services, considering the impact of - threats and vulnerabilities.
  • Implements a comprehensive set of information security controls and other forms of risk management to address customer and architecture security risks.
  • Performs periodic checks that the information security controls meet the requirements.

Ivanti Service Manager has been found in compliance with the standards outlined by the ISO and IEC, as stated in the audit plan. Click here to view a copy of Ivanti’s 27001:2013

FedRAMP FedRamp logo

Ivanti Service Manager has received an official FedRAMP Authorized designation!

The Federal Risk and Authorization Management Program (FedRAMP) is a United States Government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based services. Ivanti’s ATO (authority to operate) designation can be found on the FedRAMP Marketplace.

You can view our press release for more information here.

U.S. Federal Government Agency Authorization to Operate (ATO) 

Authorization to Operate (ATO) is the security approval required to launch a new IT system in the federal government. Government agencies determine whether to grant an information system authorization to operate for a period of time by evaluating if the security risk is acceptable.

Ivanti has received ATOs from the Air Force, Army, Department of Defense (DoD), Defense Health Agency (DHA), Department of Homeland Security (DHS), National Guard, Navy, Pacific Air Forces (PACAF), United States Special Operations Command (SOCOM), and U.S Strategic Command (STRATCOM).

Common Criteria common criteria logo uk

As of 2014, the United Kingdom has required suppliers that handle certain kinds sensitive and personal information for the central UK government to obtain Cybersecurity Essentials certification. This certification assures customers that Ivanti has an understanding of our cyber security level that we work to secure our IT against cyber attack.

You can download our current certification here or search the NCSC site for Ivanti here.

VPAT 2.4 Section 508: Revised Section 508 Standards

Section 508 standards are the technical requirements and criteria used to measure conformance to the U.S. Rehabilitation Act. This federal law requires agencies and companies to provide individuals with disabilities equal access to electronic information and data comparable to those who do not have disabilities. More information on Section 508 can be found at Section508.gov.

The following Ivanti products have been deemed 508 compliant through self-attestation:

Cybersecurity Essentials ncsc cyber essentials logo

As of 2014, the United Kingdom has required suppliers that handle certain kinds sensitive and personal information for the central UK government to obtain Cybersecurity Essentials certification. This certification assures customers that Ivanti has an understanding of our cyber security level that we work to secure our IT against cyber attack.

You can search for our up-to-date certification by visiting the IASME site and searching for "Ivanti".

Additional Resources

Privacy & Legal

Standardised Information Gathering (SIG)

Using a comprehensive set of questions (content library), the SIG gathers information to determine how security risks are managed across 18 risk control areas, or “domains”, within a service provider’s environment. The library houses comprehensive risk and cybersecurity frameworks as well as industry-specific controls.

Ivanti’s SIG Lite is scoped to the corporate level with designations for on-premise or hosted products and is available here.

Security Whitepapers

Listed below are Ivanti’s current public facing whitepapers:

Penetration Testing

Internal tests are conducted by Ivanti's Security team. This are usually run on an as-needed basis. The findings from these scans are shared with the relative development teams to get the vulnerabilities fixed, and the fixes released in product updates. 

Independent 3rd party tests are conducted on our products on a regular basis. After testing completes, Ivanti is provided with two reports. One report is shared with the relative development teams to get the vulnerabilities fixed, and the fixes released in product updates. The second report is the summary letter that we are able to share with customers.

Click on the product below to view its penetration letter:

Other

Endpoint Manager Core Server Hardening forum.

Endpoint Manager Core Services Application Hardening Guide

Resources by Product

Service Manager

Ivanti Service Manager has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Ivanti Neurons

Ivanti Neurons has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Asset Manager

Ivanti’s Asset Manager solution has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Endpoint Manager

Ivanti’s Endpoint Manager solution has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Licence Optimizer

Ivanti’s Licence Optimizer has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Service Desk

Ivanti’s Service Desk has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Security Controls

Ivanti Security Controls solution has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Patch for SCCM

Ivanti’s Patch for SCCM solution has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Application Control

Ivanti’s Application Control solution has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

File Director

Ivanti’s File Director has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Xtraction

Ivanti’s Xtraction solution has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Device Application Control

Ivanti’s Device Application Control solution has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Workspace Control

Ivanti’s Workspace Control solution has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Performance Manager and Environment Manager

Ivanti’s Performance Manager and Environment Manager solution has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here and here.

Identity Director

Ivanti’s Identity Director solution has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Endpoint Security

Ivanti’s Endpoint Security solution has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.

Avalanche

Ivanti’s Avalanche solution has the following Security and Compliance certifications and resources available for public consumption:

For additional product information, please click here.