Riverbed is continually refining its security strategy and framework to reflect our organization’s specific security risks. Maintaining a robust security-first culture is key to protecting the integrity of our products and services, inspiring customer confidence, and furthering our business relationships.
Riverbed knows that customers care about how personal data is used and shared, and Riverbed takes privacy very seriously. Riverbed’s privacy and risk management framework is designed to meet Riverbed’s obligations under applicable global privacy laws , including the General Data Protection Regulation (GDPR).
Riverbed undergoes third-party audits and obtains product certifications to provide our customers with independent, third-party assurances.
Riverbed designs our Cloud Service offerings to deliver secure, highly available solutions, 24×7, around the world. Riverbed Support offers 24x7x365 issue resolution, a global logistics network, and robust online resources for all products.
Riverbed’s security strategy and framework leverages industry standard best practices and standards. Our security program is led by Riverbed’s Chief Information Officer (“CISO”) with the involvement of key cross-functional stakeholders to enable a holistic approach to security management. Key features of Riverbed’s security program include:
Riverbed maintains a comprehensive set of security policies. More information regarding the security requirements and measures used to establish and enforce Riverbed’s corporate security program can be found here.
The technical and organizational measures built into specific offerings can be found here.
All Riverbed personnel are required to undergo annual security training and participate in ongoing security awareness initiatives.
Riverbed does not operate any of its own data centers. We leverage industry-leading third- party cloud infrastructure providers and requires all such providers to have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks.
Engineering teams regularly review our code, infrastructure, and supporting systems to ensure we have the correct people, processes, and controls to protect product development and customer data.
Our security incident response team acts promptly to respond, investigate, and remediate security issues when they are detected..
Riverbed knows that customers care about how your personal data is used and shared, and Riverbed takes privacy very seriously. The Privacy page of Riverbed’s Trust Center provides a centralized source of information about Riverbed’s privacy practices.
We value the trust you place in Riverbed. We are committed to providing our customers and partners with secure solutions utilizing state of the art technologies to safeguard your information.
Riverbed’s security framework is governed by ISO/IEC 27001:2013 Information Security Standard. Riverbed has achieved internationally recognized ISO/IEC 27001:2013 certification. In addition, a subset of Riverbed solutions has also undergone Statement on Standards for Attestation Engagements (SSAE) 18 System and Organization Controls (SOC) audits. To maintain these certifications, Riverbed undergoes comprehensive annual audits from an independent third-party assessment organization. These security assessors verify Riverbed’s compliance in over 140 security and data protection areas within 14 different security categories including access control, incident response, security training, system integrity, identification and authentication, contingency planning, etc.
Established by the International Organization for Standardization (ISO), the prestigious and internationally recognized ISO 27001 standard requires the certification of an organization’s information security management controls for areas such as data security and business continuity. Riverbed’s information security management system (ISMS) has been inspected and certified by Coalfire, an accredited certifying body. The Riverbed solutions that are ISO-certified include Alluvio IQ and Alluvio Aternity Digital Experience Management platform, including End User Experience Management (EUEM) and Application Performance Management (APM).
Riverbed’s ISO 27001 certificate is available here.
Riverbed publishes a Service Organization Controls 3 (SOC 3) report for the Alluvio IQ and Alluvio Aternity Digital Experience Management platforms. This SOC 3 report is a publicly available summary of the detailed SOC 2 Type II report. The SOC 3 report provides assurance that Riverbed’s internal controls have been verified to achieve the AICPA’s Trust Services Criteria for data security and availability.
The detailed SOC 2 Type II report may be requested from your account executive.
Riverbed also contracts with Coalfire, an industry-leading penetration testing firm, to perform rigorous security testing of its Alluvio IQ and Alluvio Aternity solutions. A copy of the most recent penetration test may be requested from your account executive.
Selected Country/Language: English