Passportal Security Statement

SolarWinds is committed to taking our customers security and privacy concerns seriously and makes it a priority. We strive to implement and maintain security processes, procedures, standards, and take all reasonable care to prevent unauthorized access our customer data. We apply appropriate administrative, operational, and technical security controls to help ensure that our customer data is handled and processed in a responsible and secure manner.

The SolarWinds Passportal services (Passportal or Passportal Services) provide simple password and documentation management, tailored for the operations of a MSP. Passportal offers channel partners automated password protection and makes storing, managing, and retrieving passwords and client knowledge quick and easy.

The Passportal Services are hosted from Amazon Web Services, specifically Canada, the United States, and the United Kingdom. The below document describes how SolarWinds protects data that you store in the Passportal Services (Passportal Data).

Change management and consistency monitoring are implemented to ensure the high-quality service our partners expect.

Our security statement is aimed at providing you with more information about our security infrastructure and practices. Our privacy policy contains more information on how we handle data that we collect.

Reporting a Security Vulnerability

SolarWinds reviews all reports of security vulnerabilities submitted to it affecting SolarWinds products and services. To report a vulnerability in one of our products or solutions or a vulnerability in one of our corporate websites, please contact our Product Security Incident Response Team (PSIRT) at [email protected].

High Availability and Redundancy

The Passportal services are hosted from Canada, the United States, and the United Kingdom. In each region, Passportal scales dynamically based on load. Passportal employs a minimum of three (3) unique instances in a clustered load-balancing configuration allowing for scalability, redundancy and load distribution.

Data and Backups

Data sovereignty of the Passportal Data is achieved by maintaining distinct independent databases in each region.

The point in time recovery system is designed to allow us to restore to a point in time during the previous three operational months. We can then analyze, troubleshoot and integrate this Passportal Data into the advancing dataset.

In the event of dramatic technical difficulty, we are structured to restore the environment to a replica prior to the event.

Change Management

Passportal deploys infrastructure changes during scheduled maintenance periods. These changes are reviewed in staging areas that do not touch the production environment. Once approved, changes are deployed to the production environment. In the event, we run into technical difficulty we know what has changed and can restore the system to a previous version.

Orchestration
Each Passportal server that goes into operation is built by a machine-driven process. This process ensures consistency across the environment reinforcing our high quality of uptime, resilience to technical problems and limiting the potential for human error.

Vulnerability Management and Penetration Testing

The Passportal environment is scanned regularly for vulnerabilities. External penetration tests are completed on an annual basis. Any identified issues are prioritized, given their severity based on a CVSS score, and placed into the queue for remediation.

Network Security

AWS controls access to ports and protocols. Alerts from AWS are actively monitored.

Security Monitoring

Passportal access control and audit logs are monitored for anomalies and indicators of threat.

Certifications

Passportal is currently SOC 2 Type 1 certified. AWS maintains SOC 2 and ISO certifications.