Frequently Asked Questions

Informatica isn't ISO 27001 certified yet, but it's on our roadmap, and we're considering to get certified sooner.

The list of Subprocessors is available at: https://www.informatica.com/legal/informatica-subprocessors.html

Informatica engages a reputable third-party vendor to perform a pentest on its environment annually. Please contact your Informatica account executive for a summary copy of the latest pentest.

Our platform leverages industry-standard encryption practices. This means that customer data is encrypted at rest using an AES-256 key. Data in transit is encrypted using TLS-1.2 or above protocol.

Informatica scans its environment periodically and identified vulnerabilities are patched according to the Security Vulnerability Patching Policy.

Employee background checks are performed before they are onboarded.

Informatica will notify the Customer upon becoming aware of an incident or breach within 72 hours through the agreed-upon channel specified in the contract.

Please send an email to Security@informatica.com.

For more information on Informatica's Service Level Commitment, please visit:

https://www.informatica.com/content/dam/informatica-com/en/docs/legal/service-level-commitment.pdf

Training and Awareness for Compliance and Privacy is conducted for all employees during on-boarding and annually thereafter.

The privacy policies are reviewed annually. Our external privacy policy can be found at Informatica Privacy Policy.

Informatica maintains information security liability insurance or errors & omissions insurance covering liability for Security Incidents. Cyber Insurance is available for download in the Security Tab of the Trust Center Page.

Informatica employs NIST 800-88 standards for secure data destruction. Informatica will wipe all customer data from Informatica storage locations and provide a written certification of destruction within 60 days.

Informatica's change management is based on the Information Technology Infrastructure Library (ITIL) methodology for IT Service Management best practices. Our operational change management/Change Control policy or program includes Pre-implementation testing, Post-implementation testing, a review for potential security impact, operational impact, communication of changes to all relevant Constituents, Rollback procedures, Documentation, and logging of changes.

Informatica Cloud Solution utilizes a multi-tenant environment, with segregation maintained by the application. Data segregation is achieved using logical database schema.

You'll find answers to commonly asked questions about our products/services here. If you can't find the information you're looking for, feel free to contact our support team for further assistance.

Is Informatica ISO 27001 certified?

Do you uses any Subprocessors to deliver services to Customers?

Do you perform Pentest on the application?

Do you encrypt the Customer's data?

Do you perform vulnerability scans?

Do you conduct background checks of your employee?

How do you report an incident?

How can we report an incident?

What is the SLA for the Cloud Services you provide?

Do you conduct annual compliance and privacy training?

Do you review and update your data security and privacy policies and procedured at least annually?

Does your organization have Cyber Insurance (technical or professional errors & omissions insurance)?

Do you apply industry-standard methods for secure data disposal of customer data upon termination of services?

Do you have a change control process in place that adheres to industry standards and is the quality change control, approval and testing process followed?

How is data separated between customers?