At Anaplan, we know that earning our customers’ trust begins with a commitment to security and privacy. We have established our Trust Center to share the security measures we take, the data privacy standards we meet, and the reliability promises we honor to support business operations and continuity across the globe.
Data securityAnaplan implements industry leading measures and systems to ensure confidentiality, integrity, and availability of customer data. Our team is dedicated to regularly reviewing and improving our security practices to help ensure the security of our platform and our clients’ information:
- Our customers have exclusive control of user provisioning and data access for their Anaplan workspaces.
- Cell-level granularity is controlled using the in-application role-based access controls (RBAC).
- Data being transmitted is encrypted using HTTPS/TLS 1.2.
- Data at rest in encrypted using AES-256.
- BYOK provides customers with an additional level of assurance by adding an additional layer of encryption at the file level for data encryption at rest, supporting customer managed encryption keys.
PrivacyCustomer trust is the basis of our success as a company. We strive every day to ensure that the data entrusted to us is protected by employing industry best practices, giving our clients control over their privacy options, and helping our customers understand what happens with their information. Our Privacy Statement outlines how, when and with whom we share data with. In order to consistently demonstrate our privacy program success, we have a dedicated team invested in:
- Consent management
- Data inventory and mapping
- Privacy assessments
- Audit and compliance
InfrastructureAnaplan collaborates with industry-leading infrastructure partners to provide both a hosted option and a public cloud option. For more detailed information on the security features that Anaplan provides, check out our Security overview whitepaper. Benefits Include:
- All Anaplan service offerings are with SOC audited and ISO 27001 certified providers, and fully managed by Anaplan.
- Anaplan employs a defense-in-depth security architecture that includes next-gen firewalls, WAF, NTDR, EDR, and DDoS mitigation services.
AvailabilityWe understand just how critical business operations are to our clients, which is why we’ve designed Anaplan to be a high-availability platform, providing our customers with industry-leading uptime and reliability. Learn more about how we maintain a high level of data availability by reviewing our IT operational resilience overview whitepaper.
Transparency reportAnaplan, Inc., and its affiliates are committed to being fully transparent about our privacy practices. Anaplan does not voluntarily disclose any personal data of customers to Government Authorities or otherwise grant them access to such data. In addition, Anaplan has not built, and will not purposefully build, backdoors to enable government actors to access its data or information systems, and has not changed, and will not purposefully change, its processes in a manner that facilitates government access to data. Anaplan has in place an internal policy that governs Anaplan’s personnel responses to any potential government data access requests.
Anaplan requires Government Authorities to adhere to applicable laws governing how and when they may access data. Anaplan requires Government Authorities to first seek to obtain data directly from Anaplan’s customers.
If you are an official representative of Government Authority authorized to seek data from Anaplan, you may submit your legal request by emailing email@example.com.
Download transparency report
At Anaplan, we believe that our people are the key to our success. We strive to hire the best talent for the global Information Security and Privacy team and bolster our teams’ skills with yearly training to keep up to date on the most recent adversarial attacks. To support our customers, our personnel are certified in well-known industry certifications such as CISSP, CISM, CIPT, CISA, CCSP, CRISC, CIPP, OSCP, OSCE, and ISO27K-LI. Teamwork is the core of our achievements the Global security and Privacy teams partake in yearly cross-functional exercises to ensure agility. These close-knit relationships motivate the team to lean in and support one another to achieve our goals.