Product Security Features
  • Single sign-on

  • Strong Password, Password Expiration, and Password History policies

  • Captcha protection for password authentication

  • Ability to revoke all sessions or reset all user passwords

  • Team based configuration, schedules, escalations, policies, integrations, alerts, and incidents
  • Team-based integrations only allow access to team-based resources
  • User & team member role support
  • Custom role support for fine-grained access of control policies
  • Integration access control policies & API key regenerate support
  • Persistent Alert, Incident, and Team Logs for regulatory compliance
  • Searchable Logs Page containing all activities
  • Integrations and Modify policies shall restrict alert content stored on OpsGenie
  • Read & write is always available via web applications and REST API
  • Static IPs available for whitelisting OpsGenie traffic to your systems, webhook & other integrations
  • Marid as a pub-sub OpsGenie event listener, requires no incoming traffic permissions
Organization Security
  • Strict controls for OpsGenie employees’ access to customer data
  • Information security training and awareness program
  • Security embedded to Software Development Life Cycle
  • Centralized Endpoint protection
  • Incident management policies & procedures implemented for security breaches
  • Policies & procedures implemented based on ISO 27001 Information Security
  • Shared responsibility model within the organization
  • Each product engineering team focuses on the security of features they crafted
  • Cross functional team focuses on the application infrastructure security
  • Security & Reliability engineering team focuses on Cloud Infrastructure security
  • Chief Security & Reliability officer focuses on all aspects of security
  • Director of Security focuses on policies & compliances across company
  • All management members and directors share security responsibility on their teams
Platform Security
  • Shared responsibility model with AWS as Cloud Provider
  • Encryption in transit and at rest
  • Passwords are stored with strong one-way encryption, Bcrypt with salt & pepper
  • Stripe for Credit Card Processing, Stripe certified to PCI Service Provider Level 1
  • Always available on multiple regions and availability zones
  • Multiple levels of firewalls, policy layers for network and data protection
  • DDOS protection, 7/24 DDOS support by AWS
  • Excessive logging and monitoring for vulnerabilities and intrusion detection
  • Changes and deployments are automated and reviewed
  • Penetration testing & 3rd Party Pentest
Whitepaper: Security in OpsGenie

Checkout the OpsGenie whitepaper to get details on our security process

Compliance AWS Cloud Provider
ISO-9001 ISO-27001 ISO-27017 ISO-27018
SOC-1 SOC-2 SOC-3
OpsGenie
Resources We rapidly investigate all reported security issues

If you believe you’ve discovered a bug in OpsGenie’s security, please get in touch with us at security@opsgenie.com. We will respond as quickly as possible to your report. We request that you do not publicly disclose the issue until it has been addressed by OpsGenie

Security Assessment Responses under NDA