Last Updated March 31, 2016
We’ve built a cloud-based solution that you can trust with your critical workflows and data.
Workfront uses industry best-practices to ensure that the right security procedures and processes are in place to protect your data. At minimum, Workfront offers AES 256-bit encryption at rest—and in transit—protecting your data whether it's being stored or utilized.
Service level agreements
Our Enterprise-grade service level agreement ensures you’ll get the assistance you need when you need it the most. Our SLA guarantees 99.9% uptime with exceptionally fast response times as well as around-the-clock help desk availability.
No matter the environment, you have the ability to do testing your way. You’ll also be able to preview and test our latest codes while configuring the refresh rate that works best for you.
Data Storage and Isolation
Workfront doesn’t store your data on unencrypted portable media like laptop computers, external hard drives, USB drives, or other portable devices. Your data will always be properly segregated from all third-party data.
Access to production systems and data is restricted to appropriate personnel. Personnel access is established based on roles, the principle of least privilege, and multifactor authentication. All accesses are monitored and logged.
Application Penetration Testing
Third-party providers are selected bi-annually to perform independent penetration tests and vulnerability assessments of Workfront. These tests are performed on an environment that mirrors production (without your data). The scope of this test focuses on external penetration as well as vulnerabilities within the application exploited by an authenticated user. At a minimum, these engagements will include testing for industry standard vulnerability safeguards including OWASP Top 10.
Data Location and Redundancy
Your application data is stored on Amazon Web Services (AWS). Commitments to encryption, data security, confidentiality and availability are maintained at standards that meet or exceed those established with Workfront.
AWS environments are configured with multiple Availability Zones (AZs) within each given region. These AZs distribute documents between various physical locations within an AWS region. AZs are designated by environmental tolerance. While they exist in the same AWS region, they do not share power grids, flood plains, fault lines, etc. with the other physical locations within the same region.
Partner Plug-ins and Connectors
The Workfront partner network offers various solutions for delivering strategic integrations with independent vendor applications. Safeguards for the tools built and implemented by Workfront partners are established and maintained by the partner. Workfront does not include these plug-ins and connectors during control performance or application penetration testing. Any additional information related to the security of these partner plug-ins and connectors should be addressed to the partner.
We encourage you to use your current technology. Workfront provides a centrally managed Single Sign-On (SSO) configuration that integrates Workfront with your existing SSO solution. Using this functionality, Workfront easily plugs into the most popular SSO solutions, including LDAP, Active Directory, and other Federated solutions that support SAML 1.1/2.0.
Last Updated April 16, 2018
Workfront works to provide any and all appropriate validation of security, availability, confidentiality and data integrity safeguards. A mixed approach of internal testing and third-party independent attestation reports are used to provide this assurance. Customers are encouraged to review our compliance offerings and the safeguards to which they attest.
Last Updated March 31, 2016
ISO 27001 Certified
Basic project and work management to get your team started.
Complete work management for your entire department. Includes premium digital content review and approval.
Work management for multiple departments. Includes premium digital content review and approval.
Unlimited enterprise solution with advanced security. lncludes premium digital content review and approval.
- Automate workflows across teams and departments
- Connect your tools and applications in one location
- Streamline your digital asset management