Secure by Design
- Designated security team
- Proactive monitoring of security bulletins (e.g. SANS, CERT and NIST)
- Scanning third-party dependencies for vulnerabilities
- Regular static code analysis (e.g. Veracode)
- Mandatory code and security reviews (OWASP and CWE/SANS)
- Comprehensive vulnerability and security incident management
- Regular risk assessments of security policies, procedures, controls and standards
- Regular code and data backups
- Built-in Web Security module to configure HTTP security headers and redirect and referrer validation, and to protect against cross-site scripting (XSS), clickjacking, code injection, man-in-the-middle attacks and content sniffing
- Built-in user authentication and management
- Endpoint protection to continuously assess staging and production environments
- Web Application Firewall to react to security threats faster by centrally patching known vulnerabilities
Cloud Security Operations
Trusted and reliable infrastructure, high availability, proactive monitoring of all system components and secure encryption are at the heart of Sitefinity operations.
- Proactive cloud monitoring of all system components
- Trusted and reliable cloud infrastructure – Microsoft Azure
- Very high data resiliency and cloud service availability
- Comprehensive performance dashboards displaying load, performance, availability, errors, and more
Customer Data Protection
- Supports requirements of the General Data Protection Regulation (GDPR) by:
  - Allowing the locating and deleting of personal data
  - Using secure APIs for integrated solutions
  - Securely handling Personally Identifiable Information (PII)
  - Providing a built-in tracking consent widget
  - Providing a Sitefinity Insight data center hosted within Europe
- Customer consent is required before customer data is accessed (e.g. to fix a reported issue), and strict data access policies and controls apply
- Customer data is stored and isolated on shared or fully dedicated storage
- Internal controls ensure customer data is never replicated or used in non-production environments
- Regular and highly secure data backups using Azure Storage
Regulatory Standards Compliance
Progress is a publicly traded company (NASDAQ: PRGS) and as such is required to comply with, and is audited under, the Sarbanes–Oxley Act.
SOC 2 Certified CMS
The Sitefinity platform is certified by an independent third party to comply with the Service Organization Control (SOC 2) standards developed by the Association of International Certified Professional Accountants (AICPA).