Security and Compliance

SOC2 (Service Organization Control 2) compliance is an internationally recognized security standard that helps organizations, including cloud service providers, protect customer data and demonstrate compliance with applicable regulations. The standard was developed by the American Institute of Certified Public Accountants (AICPA) and is based on the AICPA's Trust Services Criteria. SOC2 compliance requires organizations to meet specific security and privacy requirements related to data storage, processing, and transmission. Compliance involves the implementation of appropriate technical, physical, and administrative controls that are monitored on an ongoing basis.

ISO/IEC 27001 (International Organization for Standardization / International Electrotechnical Commission) is an international standard that outlines the requirements for an information security management system (ISMS). It provides a framework of security controls to help organizations manage their information security risks. It is designed to help protect organizations from security threats, such as data breaches, malicious software, and cyber-attacks. ISO/IEC 27001 is a widely recognized standard for information security management and is accepted by many organizations around the world.

The NIS 2 Directive, an EU-wide legislation aimed at bolstering network and information system security across member states, establishes a framework for achieving higher levels of security. For organizations striving to comply with these regulations, understanding how cybersecurity controls map to NIS 2 is essential. Ivanti is committed to supporting its customers in their cybersecurity endeavors. For a brief list of ISO 27001 control articles covered by Ivanti, please click here. The complete list can be viewed on our Trust Center.

FedRamp (Federal Risk and Authorization Management Program) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. It is designed to help agencies assess and authorize cloud products and services more efficiently and cost-effectively. FedRamp was developed by the General Services Administration (GSA) in collaboration with the Department of Homeland Security (DHS), Department of Defense (DoD), National Institute of Standards and Technology (NIST), and other federal agencies.

Authorization to Operate (ATO) is the security approval required to launch a new IT system in the federal government. Government agencies determine whether to grant an information system authorization to operate for a period of time by evaluating if the security risk is acceptable.
Ivanti has received ATOs from the Air Force, Army, Department of Defense (DoD), Defense Health Agency (DHA), Department of Homeland Security (DHS), National Guard, Navy, Pacific Air Forces (PACAF), United States Special Operations Command (SOCOM), and U.S Strategic Command (STRATCOM).

As Common Criteria Compliance is a set of standards that are used to evaluate the security of IT products and services. It provides a common framework for organizations to measure and compare the security features of different IT products and services. The standards are established by an international committee and are used by organizations to evaluate the security of IT products and services they are considering for procurement. The standards cover areas such as authentication, authorization, encryption, audit, and other security-related topics.

508 VPATs (Voluntary Product Accessibility Template) are documents that provide detailed information on how accessible a product or service is to people with disabilities. The documents are developed in accordance with Section 508 of the U.S. Rehabilitation Act of 1973, which requires federal agencies to ensure that their electronic and information technology is accessible to people with disabilities. VPATs are often used by government agencies when procuring software, hardware, and other technology products and services.

As of 2014, the United Kingdom has required suppliers that handle certain kinds sensitive and personal information for the central UK government to obtain Cybersecurity Essentials certification. This certification assures customers that Ivanti has an understanding of our cyber security level that we work to secure our IT against cyber attack. You can search for our up-to-date certification by visiting the IASME site and searching for "Ivanti".

The Australian Information Security Registered Assessors Program (IRAP) assessment reviews ICT systems against the Australian Government’s strict cyber security standards.

The assessment process uses the security guidance detailed in Australian Attorney-General’s Department’s (AGD) Protective Security Policy Framework (PSPF), the Australian Government Information Security Manual (ISM), produced by the Australian Cyber Security Centre (ACSC), and the Digital Transformation Agency’s (DTA) Secure Cloud Strategy and other cyber security guidance. The assessment covers the modular components of Ivanti Neurons for ITSM and complementary SaaS services.

The assessment and corresponding report provide an overview of the effectiveness of the implementation of security controls, necessary for authorizing systems to hold, process and communicate Australian government information classified up to and including PROTECTED.