Security & Compliance

Devolutions Inc. is committed to being a leader in providing the safest products and services on the market for remote access and password management software. This commitment is driven by and aligns with the organization’s core values: to promote transparency of our practices, to share with others, and to deliver above expectations.

Data Protection & Compliance

HIPAA Security Rules Compliance

An independent validation determined that the features of Devolutions Server, Remote Desktop Manager and Password Hub are consistent with the Administrative, Physical, and Technical requirements of HIPAA’s Security Rule.

GDPR Compliance

Devolutions collects and processes personal data of European individuals in compliance with the GDPR, whether as a controller or as a processor, as detailed in its Privacy Policy and its Data Processing Addendum.

FIPS 140-2 Annex A Compliance

To ensure that Remote Desktop Manager complies with restrictions in highly sensitive environments, we have aligned it with this standard’s approved security functions for encryption at rest and in transit.

Security & Compliance

SOC3/SOC2 Type-II - Devolutions Password Hub Report

A SOC3/2 (Service Organization Control) report is an independent opinion aiming to provide reasonable assurance on the suitability of design and effectiveness of controls for a service. Devolutions Password Hub for Business and Personal are both covered by this annual report.

SOC2 for Devolutions Password Hub On-demand

ISO 27001:2013 Certification

Devolutions’ Information Security Management System (ISMS) is compliant with the standard under the following scope: Information security for software development and customer support for password and remote connection products and services in accordance with the Statement of Applicability V.1.

PCI DSS Compliance

Devolutions does not store, process, or transmit any payment card information. These functions are handled by our trusted and accredited partners Stripe and PayPal.

Associations and membership

IN-SEC-M Membership

In-Sec-M aims to promote the cybersecurity industry and increase the innovation, commercialization, and growth capabilities of businesses in this field.

MITRE CNA Program

To streamline vulnerability disclosure processes and promote transparency about the security of its products, Devolutions has successfully enrolled in the CVE Numbering Authority (CNA) program managed by MITRE.

Cloud Hosting and Security

Microsoft Azure Cloud

Our infrastructure and services leverage secure and resilient cloud services provided by Microsoft Azure. Security compliance and requirements are reviewed periodically by the Chief Security Officer and the Director of Legal Affairs to ensure alignment with high security standards.

Zero-knowledge encryption

Zero-knowledge encryption provides customer information confidentiality by leveraging cryptography that prevents Devolutions’s personnel from accessing data. Client-side encryption and asymmetric cryptography contribute to protecting customer data, even from us!

Secure Development & Vulnerability Management

GitHub

Devolutions uses GitHub, a well-known and widely accepted version control system, to protect and manage source code.

Open Source

Our cryptographic library, DevolutionsCrypto, has been published on GitHub. We encourage the community to review this implementation and report any appropriate feedback for product safety and improvement.

Penetration testing and Application Security

All our products and services undergo penetration testing activities internally and by external firms. Our security team works closely with developers to provide help and contribute to secure coding.

Responsible Disclosure and Security Advisories

Devolutions has a formal Responsible Disclosure process that includes channels for reporting vulnerabilities, risk evaluation and remediation processes, and public-facing Security Advisories to advise customers once they are fixed.

Security Operations

Enterprise Risk Management Framework

The organization has adopted a formal Enterprise Risk Management framework that covers all risks that could negatively affect our products and services as well as risks that may endanger business continuity.

The ERM framework is approved by the Board of Directors and managed under the responsibility of the Executive Committee and the Director of Legal Affairs, Risk, and Compliance.

Multi-Factor Authentication

Our supporting applications and infrastructure are configured to use MFA to prevent unauthorized access. All our products and services support the use of MFA for your own benefit.

Privileged Identity and Access Management

Being a leader in remote connection and access management would not be credible without abiding by a strong Identity and Access Management (IAM) program that enforces the use of PIM and PAM technologies for privileged accounts. Dogfooding our own products and services allows us to deliver high quality and very useful feature sets for our customers.

In-house Security Operation and Development Team

The security program is managed and operated by a Devolutions-owned and highly qualified information security team that holds accreditations and certifications from the most respected authorities in the industry including, but not limited to: (ISC)², ISACA, Cloud Security Alliance, Offensive Security, and Identity Management Institute.
