Passportal Security Statement

as of November 5, 2019

SolarWinds is committed to taking our customers' security and privacy concerns seriously and makes them a priority. We strive to implement and maintain security processes, procedures, and standards, and take all reasonable care to prevent unauthorized access to our customer data. We apply appropriate administrative, operational, and technical security controls to help ensure that our customer data is handled and processed in a responsible and secure manner.

Our security statement is aimed at providing you with more information about our security infrastructure and practices. Our privacy policy contains more information on how we handle data that we collect.

SolarWinds Passportal-Specific Infrastructure

The SolarWinds Passportal services (Passportal or Passportal Services) provide simple password and documentation management, tailored for the operations of an MSP.  Passportal offers channel partners automated password protection and makes storing, managing, and retrieving passwords and client knowledge quick and easy. 

The Passportal Services are currently hosted from Amazon Web Services, specifically in Australia, Canada, Germany, the United States, and the United Kingdom. This document describes the controls around data that you store in the Passportal Services (Passportal Data).

Change management and consistency monitoring are implemented to help ensure the high-quality service our partners expect.

High Availability and Redundancy

The Passportal Services are currently hosted from Australia, Canada, Germany, the United States, and the United Kingdom.  In each region, the Passportal Services are designed to scale dynamically based on load.  Passportal employs a minimum of three (3) unique instances in a clustered load-balancing configuration, designed to allow for scalability, redundancy and load distribution.

Data and Backups

Data sovereignty of the Passportal Data is achieved by maintaining distinct independent databases in each region.

The point-in-time recovery system is designed to allow us to restore the Passportal Data to a point in time during the previous three operational months. We can then analyze, troubleshoot, and integrate this Passportal Data into the advancing dataset.

In the event of dramatic technical difficulty, we are structured to restore the environment to a replica obtained during the three operational months prior to the event.

Change Management

SolarWinds deploys infrastructure changes for the Passportal Services during scheduled maintenance periods. These changes are reviewed in staging areas that do not touch the production environment. Once approved, changes are deployed to the production environment. In the event we run into technical difficulty, we know what has changed and can restore the Passportal Services to a previous version.

Orchestration

Each Passportal server that goes into operation is built by a machine-driven process. This process ensures consistency across the environment, reinforcing our high quality of uptime and resilience to technical problems and limiting the potential for human error.

Vulnerability Management and Penetration Testing

The Passportal environment is scanned regularly for vulnerabilities. External penetration tests are completed on an annual basis. Identified issues are prioritized by severity, based on a CVSS score, and may be placed into the queue for remediation.

Network Security

AWS controls access to ports and protocols. Alerts from AWS are actively monitored.

Security Monitoring

Passportal access control and audit logs are monitored for anomalies and indicators of threat.

Certifications

Passportal is currently SOC 2 Type 1 certified.  AWS maintains SOC 2 and ISO certifications.