Security & Compliance

Privacy Compliance

Privacy Shield Framework

Ivanti complies with the Swiss-U.S. Privacy Shield Framework with respect to the transfer of personal data from Switzerland to our servers, which are in the US. This framework was designed to provide companies with a mechanism to comply with data protection requirements when transferring personal data from Switzerland to the United States. You can view our current certification here.

For international transfer from the EEA, Ivanti will implement the necessary measures to ensure appropriate safeguards for customer data. These safeguards may include the use of the European Commission’s Standard Contractual Clauses, or another lawful transfer mechanism, as agreed with our Customers.

CCPA

The California Consumer Privacy Act (CCPA) regulates how Ivanti handles the personal information of California residents and gives them certain rights with respect to their personal information.

Our Special Notice to California Residents is a supplement to our Privacy Policy and applies to information we collect in our role as a business.

If you have more questions about how Ivanti meets CCPA requirements, please reach out to [email protected].

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) gives EU individuals more freedom to say how their personal data is handled and creates an opportunity for Ivanti to better serve our customers and reaffirm that we are dedicated to data protection.

Ivanti’s GDPR Compliance Statement is available here. If you have more questions about how Ivanti meets GDPR requirements, please reach out to [email protected].

Information Commissioner's Office

The Information Commissioner’s Office is responsible for upholding information rights in the interest of the public for the United Kingdom. The Data Protection Regulations 2018 require organizations that process personal information to register with the Information Commissioner’s Office.

You may view Ivanti’s ICO registration here.

Certifications & Attestations

Service Organization Control 2

Service Organization Control 2 (SOC 2) helps businesses attest that they provide non-financial reporting controls that meet certain levels of service related to the security, availability, processing integrity, confidentiality, and privacy of a system.

For Ivanti, The Cadence Group conducted this attestation of compliance. The attestation report describes Ivanti’s Cloud Service Platform (CSP), assesses the fairness of the CSP’s description of its controls, and evaluates whether the controls are appropriately designed and operating effectively over the specified assessment period.

Ivanti Service Manager’s most recent SOC 2 Type 2 audit occurred in November of 2019. Ivanti Cloud completed the SOC 2 Type 1 audit in April 2020. Click here to request a copy of the SOC 2 Report.

International Organization for Standardization (ISO) & International Electrotechnical Commission (IEC)

ISO/IEC 27001:2013

The ISO and IEC provide standards that help customers deploy and automate IT solutions with processes that align with ITIL.

ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls. The basis of this certification is the development and implementation of a suitable Information Security Management System (ISMS), which defines how Ivanti manages security and data protection. The certification process verifies that Ivanti does the following:

  • Evaluates the information security risks of the cloud services, considering the impact of threats and vulnerabilities.
  • Implements a comprehensive set of information security controls and other forms of risk management to address customer and architecture security risks.
  • Performs periodic checks that the information security controls meet the requirements.

Ivanti Service Manager has been found in compliance with the standards outlined by the ISO and IEC, as stated in the audit plan. Click here to view a copy of Ivanti’s 27001:2013

FedRAMP

Ivanti Service Manager has received an official FedRAMP Authorized designation!

The Federal Risk and Authorization Management Program (FedRAMP) is a United States Government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based services. Ivanti’s ATO (authority to operate) designation can be found on the FedRAMP Marketplace.

You can view our press release for more information here.

U.S. Federal Government Agency Authorization to Operate (ATO)

Authorization to Operate (ATO) is the security approval required to launch a new IT system in the federal government. Government agencies determine whether to grant an information system authorization to operate for a period of time by evaluating if the security risk is acceptable.

Ivanti has received ATOs from the Air Force, Army, Department of Defense (DoD), Defense Health Agency (DHA), Department of Homeland Security (DHS), National Guard, Navy, Pacific Air Forces (PACAF), United States Special Operations Command (SOCOM), and U.S. Strategic Command (STRATCOM).

Common Criteria

VPAT 2.4 Section 508: Revised Section 508 Standards

Section 508 standards are the technical requirements and criteria used to measure conformance to the U.S. Rehabilitation Act. This federal law requires agencies and companies to provide individuals with disabilities equal access to electronic information and data comparable to those who do not have disabilities. More information on Section 508 can be found at Section508.gov.

The following Ivanti products have been deemed 508 compliant through self-attestation:

Cybersecurity Essentials

As of 2014, the United Kingdom has required suppliers that handle certain kinds of sensitive and personal information for the central UK government to obtain Cybersecurity Essentials certification. This certification assures customers that Ivanti has an understanding of our cyber security level and that we work to secure our IT against cyber attack.

You can download our current certification here or search the NCSC site for Ivanti here.

Additional Resources

Privacy & Legal

Standardized Information Gathering (SIG)

Using a comprehensive set of questions (content library), the SIG gathers information to determine how security risks are managed across 18 risk control areas, or “domains”, within a service provider’s environment. The library houses comprehensive risk and cybersecurity frameworks as well as industry-specific controls.

Ivanti’s SIG Lite is scoped to the corporate level with designations for on-premise or hosted products and is available here.

Security Whitepapers

Listed below are Ivanti’s current public facing whitepapers:

Penetration Testing

Internal tests are conducted by Ivanti's Security team. These are usually run on an as-needed basis. The findings from these scans are shared with the relevant development teams to get the vulnerabilities fixed, and the fixes are released in product updates.

Independent third-party tests are conducted on our products on a regular basis. After testing completes, Ivanti is provided with two reports. One report is shared with the relevant development teams to get the vulnerabilities fixed, and the fixes are released in product updates. The second report is the summary letter that we are able to share with customers.

Click on the product below to view its penetration letter:

Other

Endpoint Manager Core Server Hardening forum.

Endpoint Manager Core Services Application Hardening Guide

Resources by Product

Service Manager

Ivanti Service Manager has the following Security and Compliance certifications and resources available for public consumption:
•    SOC 2 Type 2: Click here to request a copy of the report
•    ISO 27001:2013 certificate
•    FedRAMP ATO
•    508 VPAT
•    Security Whitepaper
•    Penetration Test Letter
•    SIG Lite
For additional product information, please click here

Ivanti Neurons

Ivanti Neurons has the following Security and Compliance certifications and resources available for public consumption:
•    SOC 2 Type 1 Report: Click here to request a copy of the report
•    Security Whitepaper
•    SIG Lite
For additional product information, please click here.

Asset Manager

Ivanti’s Asset Manager solution has the following Security and Compliance certifications and resources available for public consumption:
•    SOC 2 Type 2: Click here to request a copy of the report
•    508 VPAT
•    Penetration Test Letter 
•    SIG Lite
For additional product information, please click here

Endpoint Manager

Ivanti’s Endpoint Manager solution has the following Security and Compliance certifications and resources available for public consumption:
•    508 VPAT
•    Penetration Test Letter 
•    SIG Lite
For additional product information, please click here

License Optimizer

Ivanti’s License Optimizer has the following Security and Compliance certifications and resources available for public consumption:
•    Penetration Test Letter 
•    SIG Lite
For additional product information, please click here.

Service Desk

Ivanti’s Service Desk has the following Security and Compliance certifications and resources available for public consumption:
•    Penetration Test Letter 
•    SIG Lite
For additional product information, please click here

Security Controls

Ivanti Security Controls solution has the following Security and Compliance certifications and resources available for public consumption:
•    Penetration Test Letter 
•    SIG Lite
For additional product information, please click here. 

Patch for SCCM

Ivanti’s Patch for SCCM solution has the following Security and Compliance certifications and resources available for public consumption:
•    Penetration Test Letter 
•    SIG Lite
For additional product information, please click here

Application Control

Ivanti’s Application Control solution has the following Security and Compliance certifications and resources available for public consumption:
•    Penetration Test Letter 
•    SIG Lite
For additional product information, please click here

File Director

Ivanti’s File Director has the following Security and Compliance certifications and resources available for public consumption:
•    Penetration Test Letter 
•    SIG Lite
For additional product information, please click here

Xtraction

Ivanti’s Xtraction solution has the following Security and Compliance certifications and resources available for public consumption:
•    Penetration Test Letter 
•    SIG Lite
For additional product information, please click here