Informatica’s cloud security program
We are committed to continuously earning your trust; that’s why we comply with key standards and regulations in your industries. The Informatica cloud security program is designed to protect you and us from cyber threats, enabling you to take smart risks while maintaining a safe and compliant environment. We start with policies that provide a baseline for us to define standards and to define how we securely operate our cloud infrastructure at scale. We perform continuous audits to ensure that our environment is compliant with applicable standards and regulations.
At Informatica, security is everyone’s responsibility
Our global security team is comprised of the following functions:
Office of the CISO
Product Security
Governance Risk & Compliance
Cloud Security Architects
Cloud Security Engineers
Security Operations Center
All Informatica personnel supporting Customers go through periodic background checks. Before being granted access, Informatica personnel complete mandatory security training. Annual security training ensures that all employees are prepared and aware of the evolving threat landscape. Annual privacy training helps employees understand obligations under applicable laws and regulations, including the GDPR. Informatica follows a secure software development lifecycle process to help ensure that the service effectively protects customer data. Informatica also invests heavily in providing incident response training to its appropriate employees to ensure we act swiftly and responsibly during a data breach.
Informatica is committed to working with the security researcher community to improve the security of our products and services. Our Responsible Disclosure Program facilitates responsible reporting of potential vulnerabilities so we can respond swiftly and appropriately.
Binding Corporate Rules
Informatica follows Controller and Process Binding Corporate Rules (BCRs) approved by the European Data Protection Board. These BCRs embody Informatica’s commitment to its employees, business contacts, and customers to follow rigorous privacy policies and practices. See the “Binding Corporate Rules” link for current copies of the BCRs.
Certifications, assessments, and standards
Consistent with our cloud principles, we hold ourselves accountable to a higher standard. Informatica will provide executive summary of independent third-party penetration test reports.
We continuously add to our list of externally validated certifications, assessments, and standards to keep your data safe, and to ensure we remain a best-in-class cloud service provider.
 |
AWS | AZURE | GCP | SALESFORCE | VENDOR A | VENDOR B | VENDOR C | VENDOR D | VENDOR E | VENDOR F | VENDOR G | VENDOR H | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
 |
|
|
|
|
|
|
|
|||||
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
||||||||
|
|
|
|
|
|
|
|
|
|||||
|
|
|
|
|
|
|
Privacy policy
As a global leader in Enterprise Cloud Data Management, Informatica takes privacy seriously. We design products and services and conduct business with appropriate administrative, technical and organizational measures to protect personal data, and we regularly evaluate the effectiveness of those measures.
It is important to Informatica that you be informed about collection and use of your personal data. The Informatica privacy policy identifies the personal data that we may receive from business contacts including users of our services and website and individuals working on behalf of our customers, vendors, and partners. The policy explains how we use these data and the choices available to you to control those uses.
Transparency Report
Law Enforcement Requests and Informatica’s Transparency Report – September 1, 2023
This document explains how Informatica responds to governmental requests for data we process on behalf of our customers.
History of Requests:
From January 1, 2017 through the date of publication of this document, Informatica did not receive any search warrants, subpoenas, or national security requests (such as national security letters or Foreign Intelligence Surveillance Act orders) for customer data or metadata.
Encryption of customer data:
All products on Informatica’s Informatica Intelligent Cloud Services platform hosted on Microsoft Azure, Amazon Web Services, or Google Cloud Platform, including Cloud Data Integration, Master Data Management (MDM) Cloud, and Data Quality and Governance Cloud, and single-tenant hosted MDM and Product 360, encrypt all customer data and customer-specific metadata in motion (even traffic within a pod) and at rest (at both file and database level). Encryption is continuous from transit out of the customer’s network, within Informatica’s cloud components, and through to delivery to the destination. Encryption in motion uses TLS v1.2 or greater, and encryption at rest uses AES-256. This encryption creates a practical impediment to surveillance of customer data without awareness of Informatica or our customer.
Our response process relies on four principles:
Notice. Informatica notifies the customer whose data or metadata is the subject of the request, except where prohibited by law. Informatica gives this notification promptly and in advance of fulfilling the request except where prohibited by law or in the case of a bona fide emergency.
Validity. Informatica analyzes each request to determine its validity, including the substance of the request and the jurisdictional authority of the government entity, regulator, or law enforcement agency issuing the request.
Challenge. If Informatica concludes that the request itself or an order to delay notice of the request may not be valid, Informatica challenges that request or order .
Limitation. Informatica provides customer data or metadata in response to the request only if required by law. Informatica construes each request narrowly and discloses only the information required.
If you have questions about this Transparency Report, please contact privacy@informatica.com.
OFFICE OF THE CDO
Headline that takes two lines
Headline that takes two lines
OFFICE OF THE CDO
Headline that takes two lines
Headline that takes two lines
OFFICE OF THE CDO
Headline that takes two lines
Headline that takes two lines