Security Policy

ManageEngine Security Practices, Policies & Infrastructure for Cloud Solutions

Security and data protection are paramount for us. We take security very seriously and have developed a comprehensive set of practices, technologies and policies to help ensure your data is secure.

If you are currently maintaining your data on personal computers or your own servers, the odds are that we offer a better level of security than what you currently have in place.

This document outlines some of the mechanisms and processes we have implemented to help ensure that your data is protected. Our security practices are grouped in four different areas: Physical Security; Network Security; People Processes and Redundancy and Business Continuity.

Physical Security

Our datacenters are hosted in some of the most secure facilities available today in locations that are protected from physical and logical attacks as well as from natural disasters such as earthquakes, fires, floods, etc.

Network Security

Our network security team and infrastructure helps protect your data against the most sophisticated electronic attacks. The following is a subset of our network security practices. These are intentionally stated in a very general way, since even knowing what tactics we use is something hackers crave. If your organization requires further detail on our network security, please contact us.

People Processes

Designing and running data center infrastructure requires not just technology, but a disciplined approach to processes. This includes policies about escalation, management, knowledge sharing, risk, as well as the day to day operations. ManageEngine On-Demand's security team has years of experience in designing and operating data centers and continually improves our processes over time. ManageEngine On-Demand has developed world class practices for managing security and data protection risk.

Redundancy and Business Continuity

One of the fundamental philosophies of cloud computing is the acknowledgment and assumption that computer resources will at some point fail. We have designed our systems and infrastructure with that in mind.

Security Certifications

ISO/IEC 27001 is one of the most widely recognized independent international security standards. This certificate is awarded to organizations that comply with ISO's high global standards. ManageEngine has earned ISO/IEC 27001:2013 certification for Applications, Systems, People, Technology, and Processes.

SOC 2 ManageEngine is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles criteria.

For more information on our security policy and certifications, please contact security@zohocorp.com.
To get a copy of the compliance report, please contact sales@zohocorp.com

Vulnerability Reporting:

ManageEngine values the work done by security researchers in improving the security of our service offerings and we are committed to working with the community to verify, reproduce, and respond to legitimate reported vulnerabilities. To report a security issue please contact security@zohocorp.com.

bsi-assurancebsi-assurance