Modern Work Management Security
Your high security standards are non-negotiable. That’s why our security infrastructure and protocols are built to keep your information secure and private.
We’ve built a cloud-based solution that you can trust with your critical workflows and data.
Workfront uses industry best practices to ensure that the right security procedures and processes are in place to protect your data. At minimum, Workfront offers AES 256-bit encryption at rest—and in transit—protecting your data whether it's being stored or utilized.
Service level agreements
Our Enterprise-grade service level agreement ensures you’ll get the assistance you need when you need it the most. Our SLA guarantees 99.9% uptime with exceptionally fast response times as well as around-the-clock help desk availability.
No matter the environment, you have the ability to do testing your way. You’ll also be able to preview and test our latest code while configuring the refresh rate that works best for you.
Data Storage and Isolation
Workfront doesn’t store your data on unencrypted portable media like laptop computers, external hard drives, USB drives, or other portable devices. Your data will always be properly segregated from all third-party data.
Access to production systems and data is restricted to appropriate personnel. Personnel access is established based on roles, the principle of least privilege, and multifactor authentication. All access is monitored and logged.
Application Penetration Testing
Third-party providers are selected bi-annually to perform independent penetration tests and vulnerability assessments of Workfront. These tests are performed on an environment that mirrors production (without your data). The scope of this test focuses on external penetration as well as vulnerabilities within the application exploited by an authenticated user. At a minimum, these engagements will include testing for industry-standard vulnerability safeguards, including the OWASP Top 10.
Data Location and Redundancy
Your application data is stored on Amazon Web Services (AWS). Commitments to encryption, data security, confidentiality and availability are maintained at standards that meet or exceed those established with Workfront.
AWS environments are configured with multiple Availability Zones (AZs) within each given region. These AZs distribute documents between various physical locations within an AWS region. AZs are designated by environmental tolerance. While they exist in the same AWS region, they do not share power grids, flood plains, fault lines, etc. with the other physical locations within the same region.
Partner Plug-ins and Connectors
The Workfront partner network offers various solutions for delivering strategic integrations with independent vendor applications. Safeguards for the tools built and implemented by Workfront partners are established and maintained by the partner. Workfront does not include these plug-ins and connectors during control performance or application penetration testing. Any additional information related to the security of these partner plug-ins and connectors should be addressed to the partner.
We encourage you to use your current technology. Workfront provides a centrally managed Single Sign-On (SSO) configuration that integrates Workfront with your existing SSO solution. Using this functionality, Workfront easily plugs into the most popular SSO solutions, including LDAP, Active Directory, and other Federated solutions that support SAML 1.1/2.0.
Last Updated April 16, 2018
Workfront works to provide any and all appropriate validation of security, availability, confidentiality and data integrity safeguards. A mixed approach of internal testing and third-party independent attestation reports is used to provide this assurance. Customers are encouraged to review our compliance offerings and the safeguards to which they attest.
Last Updated August 16, 2018
Customer Acceptable Use Policy
This Customer Acceptable Use Policy (“AUP”) describes actions that are prohibited when Customer uses the SaaS Services. Workfront reserves the right to suspend Customer’s access to the SaaS Services as a result of any violation of this AUP by Customer or any of its personnel.
Customer agrees not to upload or otherwise transmit to or through the SaaS Services any of the following material or other content (“content”):
- content that infringes the intellectual property rights or other rights of third parties, including without limitation trademark rights, copyrights or rights of publicity or privacy;
- content that contains viruses, trojan horses, worms or any other malicious, harmful, or deleterious programs or code;
- content that is libelous or defamatory or otherwise malicious or harmful to any person or entity, or discriminatory based on race, sex, religion, nationality, disability, sexual orientation or age;
- content that promotes or enables any illegal activity; or
- personal financial or medical information of any nature or any other non-public personally identifiable information that could be legally considered private or sensitive, including without limitation social security numbers, driver’s license numbers, birth dates, personal bank account numbers, passport or visa numbers, passwords, and credit card numbers.
If Customer uploads any of the foregoing content to the SaaS Services, upon discovery, Customer agrees to remove such content immediately or, at its reasonable discretion, Workfront may purge such data from the SaaS Services.
In addition, Customer will not use, or encourage or allow any other person or entity to use, the SaaS Services in any of the following manners:
- launching or facilitating a denial of service attack on any SaaS Services;
- adversely impacting the availability, reliability or stability of any SaaS Services;
- attempting to bypass or break any security mechanism on any of the SaaS Services or using the SaaS Services in any other manner that poses a security or service risk to Workfront, to any user of the SaaS Services or to any of Workfront’s customers;
- testing, scanning, probing or reverse-engineering the SaaS Services in order to find limitations, vulnerabilities or evade filtering capabilities;
- using the SaaS Services in any manner that may subject Workfront or any third party to liability, damages or danger;
- using the SaaS Services to engage in illegal or fraudulent activity;
- interfering with or disrupting networks connected to the SaaS Services or violating the regulations, policies or procedures of such networks;
- manipulating, removing, altering or in any way obscuring pages or other elements of the SaaS Services; or
- creating a Workfront account for the purpose of competitive evaluation or research or otherwise allowing any person or entity that offers or provides services that are competitive with Workfront’s products and/or services to use or access any SaaS Services.
Customer must also ensure that its users (1) do not reveal their account passwords to others or allow use of their accounts by others and (2) protect such passwords from unauthorized use or access. Customer is responsible for setting and maintaining password policies and access controls in Customer’s environment and must configure its hardware and software in a way that reasonably prevents unauthorized users from accessing its users’ accounts.
ISO 27001 Certified