Last Update: September 1, 2020
Last Update: March 8, 2022
Last Update: January 1, 2021
Devolutions Password Hub SOC 3 Report
Last Update: April 4, 2022
Cryptographic Design for Devolutions Password Hub
Last Update: December 18, 2020
Last Update: March 1, 2021
Devolutions Inc. is committed to be a leader in providing the safest products and services on the market for remote access and password management software. This commitment is driven by and aligns to the organization’s core values to promote transparency of our practices, to share with others and to deliver above expectations.
Our security program, led by the Chief Security Officer and overseen by the Executive Committee and the Board of Directors, covers three fundamental practices:
The program is managed and operated by Devolutions-owned and highly qualified information security team working hard every day to meet the objectives of our commitment requirements and above.
Information available below is only the visible tip of the iceberg on the ongoing efforts led by our commitment to security. More will be available over time and our team always remains available for any security-related question at firstname.lastname@example.org.
While we do take care of the security of our products, the fast-changing nature and complexity of security may inadvertently expose our software or supporting infrastructure to vulnerabilities. If you identify such a vulnerability, please send us your report in a timely manner at email@example.com. The report should include the following items:
Once submitted, allow us a reasonable time frame to provide some feedback. Our security team must:
We kindly ask to maintain the report and its content confidential until the appropriate corrective measures are released in production. Please also note that exploiting a reported vulnerability abusively or for illegal, malicious or other inappropriate purposes may result in legal prosecutions against the reporter, which could lead to civil or criminal liability. An action is considered abusive or inappropriate when its purpose compromises customer-related or internal confidential information in an undue or disproportionate manner, or when such an action has some other aim than the demonstration of a vulnerability.