c01-trust

 

Platform Trust

We take the protection and security of your data very seriously.
The Informatica Intelligent Data Platform is built with performance,
reliability, and security at its core to protect your most valuable asset.

See our Certifications & Reports

A holistic approach to security

Securing customer data is part of our core strategy and values. We built our cloud from the ground up, keeping security as a primary design principle. Our product development incorporates Informatica’s Secure Development Lifecycle to ensure that we eliminate security defects while we develop our products.

Informatica Intelligent Cloud Services (IICS) uses industry approved and commonly used algorithms to encrypt all sensitive information. All customer data is encrypted at rest using an AES-128 key. Data in transit is encrypted using TLS-1.2 or greater protocol.

c03-solutions-buildings

IICS is a multi-tenant environment, which hosts customer instances in a dedicated “private” environment using the public cloud. Our multi-tenant architecture ensures that each customer’s data is segregated from all other tenants and is only exposed to authorized users. This means that there is no commingling of customer data. You can check the production status of all publicly hosted Informatica cloud products, including planned maintenance schedules and other updates, at status.informatica.com.

Informatica continuously improves the security of IICS by releasing new, security-focused features. As a customer, you benefit from our support of application security, malware protection, network security, system configuration, identity and access management (IAM), security response, and data protection.

Please contact your account rep for a copy of the Informatica Intelligent Cloud Services Security Overview Brochure.

Informatica’s cloud security program

We are committed to continuously earning your trust; that’s why we comply with key standards and regulations in your industries. The Informatica cloud security program is designed to protect you and us from cyber threats, enabling you to take smart risks while maintaining a safe and compliant environment. We start with policies that provide a baseline for us to define standards and to define how we securely operate our cloud infrastructure at scale. We perform continuous audits to ensure that our environment is compliant with applicable standards and regulations.

Our cloud security program focuses efforts and resources across the following areas:

  • Application Security
  • Identity and Access Management
  • Vulnerability Management
  • Security Incident Response
  • Training and Awareness
  • Business Continuity and Disaster Recovery
  • Governance, Risk Management & Compliance
  • Risk Management

At Informatica, security is everyone’s responsibility. Our global security team is comprised of the following functions:

  • Office of the Chief Trust Officer
  • Product Security
  • Governance Risk and Compliance (GRC)
  • Security Operations Center (SOC)
  • Cloud Security Architecture
  • Cloud Security Engineering
  • Office of the CISO

All Informatica personnel supporting IICS go through periodic background checks. Before being granted access, Informatica personnel complete mandatory security training. Annual security training ensures that all employees are made aware of the evolving threat landscape and are prepared. Annual privacy training helps employees understand obligations under applicable laws and regulations including the GDPR. IICS R&D follows a secure software development lifecycle process to help ensure that the service effectively protects customer data. Informatica also invests heavily in providing incident response training to employees to ensure that we act swiftly and responsibly in the event of a data breach.

Informatica is committed to working with the security researcher community to improve the security of our products and services. Our Responsible Disclosure Program facilitates responsible reporting of potential vulnerabilities so we can respond swiftly and appropriately.

Certifications, assessments, and standards

Consistent with our cloud principles, we hold ourselves accountable to a higher standard. Informatica will provide executive summary of independent third-party penetration test reports.

We continuously add to our list of externally validated certifications, assessments, and standards to keep your data safe, and to ensure we remain a best-in-class cloud service provider.

INFORMATICA VENDOR A VENDOR B VENDOR C VENDOR D VENDOR E AWS AZURE GCP SALESFORCE

Privacy policy

As a global leader in Enterprise Cloud Data Management, Informatica takes privacy seriously. We design products and services and conduct business with appropriate administrative, technical and organizational measures to protect personal data, and we regularly evaluate the effectiveness of those measures.

It is important to Informatica that you be informed about collection and use of your personal data. The Informatica privacy policy identifies the personal data that we may receive from business contacts including users of our services and website and individuals working on behalf of our customers, vendors, and partners. The policy explains how we use these data and the choices available to you to control those uses.

c03-solutions-data-governance-risk-compliance

Transparency Report

Law Enforcement Requests and Informatica’s Transparency Report – August 5, 2020

This document explains how Informatica responds to governmental requests for data we process on behalf of our customers. 

History of Requests:

From January 1, 2017 through the date of publication of this document, Informatica did not receive any search warrants, subpoenas, or national security requests (such as national security letters or foreign intelligence surveillance act orders) for customer data or metadata.

Encryption of customer data:

 All products on Informatica’s Informatica Intelligent Cloud Services platform hosted on Microsoft Azure or Amazon Web Services, including Cloud Data Integration, Master Data Management (MDM) Cloud, and Data Quality and Governance Cloud, and single-tenant hosted MDM and Product 360, encrypt all customer data and customer-specific metadata in motion (even traffic within a pod) and at rest (at both file and database level). Encryption is continuous from transit out of the customer’s network, within Informatica’s cloud components, and through to delivery to the destination. Encryption in motion uses TLS v1.2 or greater, and encryption at rest uses AES-256. This encryption creates a practical impediment to surveillance of customer data without awareness of Informatica or our customer.

Our response process relies on four principles:

  1. Notice.  Informatica notifies the customer whose data or metadata is the subject of the request, except where prohibited by law.  Informatica gives this notification promptly and in advance of fulfilling the request except where prohibited by law or in the case of a bona fide emergency.
  2. Validity.  Informatica analyzes each request to determine its validity, including the substance of the request and the jurisdictional authority of the government entity, regulator, or law enforcement agency issuing the request. 
  3. Challenge.  If Informatica concludes that the request itself or an order to delay notice of the request may not be valid, Informatica challenges that validity to the full extent permitted by law. 
  4. Limitation.  Informatica provides customer data or metadata in response to the request only if required by law.  Informatica construes each request narrowly and discloses only the information required. 

If you have questions about this Transparency Report, please contact privacy@informatica.com.

How can we help?

Informatica Network

Find answers to your tough questions.