Business Process Management Platform Globally Compliant in Information Security
Today we achieved the International Organization for Standardization (ISO) 27001:2013 certification for our Information Security Management System (ISMS) to support global customers using our Business Process Management Platform.
“Knowledge workers are at the forefront of deploying no-code tools, like Pipefy, that enable teams to automate and optimize business processes. Now, more than ever, information security is critical to maintaining continuity between IT and Business departments. By achieving our ISO 27001 certification, Pipefy extends our commitment to our customers, for whom security is a top priority. By investing in ISMS, Pipefy not only meets the needs and expectations of our customers, but we’re also empowering Citizen Developers to take on more complex projects with confidence, while remaining a dependable and compliant IT business partner,” said Alessio Alionço, Founder and CEO at Pipefy.
Pipefy has been focused on providing security at scale for their customers since the company was founded in 2015. The ‘people first’ company believes in data security and security monitoring for all, from single users to enterprise. Pipefy platform security features include:
- Permissions and Authentication: Access to customer data is limited to authorized employees only. Pipefy’s environment is protected by having Single Sign-on (SSO), Multi-Factor Authentication (MFA), and strong password policies on their code repository, email provider, and storage warehouse platform. Pipefy’s platform, developers’ site, and help site are delivered 100% over HTTPS.
- Disaster Recovery and Fail Over: All infrastructure and data are spread across 3 availability zones and will continue to work without issue if any one of their data centers fails.
- Back-Ups and Monitoring: Audit logs are kept for all activity on the platform, using a secure platform for analysis and archival purposes. Active monitoring and backups are in place to recover information in the event something happens within our environment.
- Encryption: All data within Pipefy is encrypted in transit and at rest using 256-bit encryption, which provides a better and more secure service.
- Pentest and Vulnerability Scanning: Security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues raised on these scans, when applicable, and performs regular penetration tests on the application and infrastructure.
- Incident Response: Strict protocol for handling security events which includes escalation procedures, rapid mitigation, and postmortem.
- GDPR/LDPR: LDPR compliant, GDPR compliance planned for Q3 2021.
- SOC 2: SOC 2 (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a cloud service. SOC 2 is expected in Q3 2021.
“We watched ransomware attacks increase 150% in 2020 and continue to increase exponentially in 2021,” said Ananth Avva, President and COO at Pipefy. “Cybercrime has gone beyond targeting public companies with deep pockets. These criminals are impacting critical infrastructure, municipalities, the federal government, and posing a risk to public health and safety. It’s the responsibility of companies, like Pipefy, to maintain impeccable cybersecurity hygiene and plan for the unthinkable to provide the best security infrastructure for our customers.”
The ISO 27001 standard is the internationally recognized best practice framework for an Information Security Management System (ISMS). In order to reach certified status, Pipefy was required to pass a series of standards to ensure business controls and management processes running on their platform are adequate and proportionate for information security threats. By adhering to and using these standards, organizations of any kind can manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.