An independent validation determined that the features of Devolutions Server, Remote Desktop Manager and Password Hub are consistent with the Administrative, Physical, and Technical requirements of HIPAA’s Security Rule.
Security & Compliance
Devolutions Inc. is committed to being a leader in providing the safest products and services on the market for remote access and password management software. This commitment is driven by and aligns with the organization’s core values: to promote transparency of our practices, to share with others and to deliver above expectations.
Data Protection & Compliance
Devolutions collects and processes personal data of European individuals in compliance with the GDPR, whether as a controller or as a processor, as detailed in its Privacy Policy and its Data Processing Addendum.
To ensure that Remote Desktop Manager complies with restrictions in highly sensitive environments, we have aligned it with this standard’s approved security functions for encryption at rest and in transit.
A SOC3/2 (Service Organization Control) report is an independent opinion aiming to provide reasonable assurance on the suitability of design and effectiveness of controls for a service. Devolutions Password Hub for Business and Personal are both covered by this annual report.
SOC2 for Devolutions Password Hub On-demand
Devolutions Information Security Management System (ISMS) is compliant with the standard under the following scope: Information security for software development and customer support for password and remote connection products and services in accordance with the Statement of Applicability V.1.
Devolutions does not store, process, or transmit any payment card information. These functions are handled by our trusted and accredited partners Stripe and PayPal.
Associations and membership
To better streamline vulnerability disclosure processes and promote transparency across the security of products, Devolutions has enrolled successfully in the CVE Numbering Authority (CNA) program managed by MITRE.
In-Sec-M aims to promote the cybersecurity industry and increase the innovation, commercialization, and growth capabilities of businesses in this field.
Cloud Hosting and Security
Our infrastructure and services leverage secure and resilient cloud services provided by Microsoft Azure. Security compliance and requirements are reviewed periodically by the Chief Security Officer and the Director of Legal Affairs to ensure alignment with high security standards.
Zero-knowledge encryption provides customer information confidentiality by leveraging cryptography that prevents Devolutions’s personnel from accessing data. Client-side encryption and asymmetric cryptography contribute to protecting customer data, even from us!
On Demand
Secure Development & Vulnerability Management
Devolutions uses GitHub, a well-known and widely accepted version control system, to protect and manage source code.
Our cryptographic library, DevolutionsCrypto, has been published on GitHub. We encourage the community to review this implementation and report any appropriate feedback for product safety and improvement.
All our products and services undergo penetration testing activities internally and by external firms. Our security team works closely with developers to provide help and contribute to secure coding.
Devolutions has a formal Responsible Disclosure process that includes channels for reporting vulnerabilities, risk evaluation and remediation processes, and public-facing Security Advisories to advise customers once they are fixed.
Security Operations
The organization has adopted a formal Enterprise Risk Management framework that covers all risks that could negatively affect our products and services as well as risks that may endanger business continuity.
The ERM framework is approved by the Board of Directors and managed under the responsibility of the Executive Committee and the Director of Legal Affairs, Risk, and Compliance.
Our supporting applications and infrastructure are configured to use MFA to prevent unauthorized access. All our products and services support the use of MFA for your own benefit.
Being a leader in remote connection and access management would not be credible without abiding by a strong Identity and Access Management (IAM) program that enforces the use of PIM and PAM technologies for privileged accounts. Dogfooding our own products and services allows us to deliver high quality and very useful feature sets for our customers.
The security program is managed and operated by a Devolutions-owned and highly qualified information security team that has accumulated accreditations and certifications from the most respected authorities in the industry including, but not limited to: (ISC)², ISACA, Cloud Security Alliance, Offensive Security, and Identity Management Institute.
FAQ
No. FIPS validation requires extensive testing from NIST to ensure secure and efficient cryptographic module implementation. Devolutions' cryptographic library is built on top of publicly reviewed libraries that use FIPS 140-2 Annex A Approved Security Functions.
No. Devolutions does not store or access health information for its customers.
However, our products and services may be used to access those environments. This is why they are aligned with the HIPAA Security Rule requirements.
Not yet. We are currently in the process of adding FIPS 140-2 Annex A support to the product.
No. Our products and services are not meant to be used as a payment platform or as a merchant’s payment card storage. The credit card entries are available for convenience but should never store customer payment card information.
However, Devolutions itself does comply with PCI DSS requirements as an online merchant that outsources all payment functions to a certified third party.