Opsgenie security

Here at Opsgenie we take security very seriously. Below is a summary of our key security practices. If you have any questions, contact us at security@opsgenie.com, or participate in Opsgenie’s Community Forums

Product security features

Authentication

  • Single sign-on
  • Strong Password, Password Expiration, and Password History policies
  • Captcha protection for password authentication
  • Ability to revoke all sessions or reset all user passwords
  • Api key mandatory for api requests

Access control

  • Team based configuration, schedules, escalations, policies, integrations, alerts, and incidents
  • Team-based integrations only allow access to team-based resources
  • User & team member role support
  • Custom role support for fine-grained access of control policies
  • Integration access control policies & API key regenerate support

Logging

  • Persistent Alert, Incident, and Team Logs for regulatory compliance
  • Searchable Logs Page containing all activities

Your data fully under your control

  • Integrations and Modify policies shall restrict alert content stored on Opsgenie
  • Read & write is always available via web applications and REST API

Security for your systems

  • Static IPs available for whitelisting Opsgenie traffic to your systems, webhook & other integrations
  • Marid as a pub-sub Opsgenie event listener, requires no incoming traffic permissions

Organization security

  • Strict controls for Opsgenie employees’ access to customer data
  • Information security training and awareness program
  • Security embedded to Software Development Life Cycle
  • Centralized Endpoint protection
  • Incident management policies & procedures implemented for security breaches
  • Policies & procedures implemented based on ISO 27001 Information Security
  • Shared responsibility model within the organization
  • Each product engineering team focuses on the security of features they crafted
  • Cross functional team focuses on the application infrastructure security
  • Security & Reliability engineering team focuses on Cloud Infrastructure security
  • Chief Security & Reliability officer focuses on all aspects of security
  • Director of Security focuses on policies & compliances across company
  • All management members and directors share security responsibility on their teams

Platform security

  • Shared responsibility model with AWS as Cloud Provider
  • Encryption in transit TLS 1.2 and at rest AES-256
  • Passwords are stored with strong one-way encryption, Bcrypt with salt & pepper
  • Stripe for Credit Card Processing, Stripe certified to PCI Service Provider Level 1
  • Always available on multiple regions and availability zones
  • Dedicated multi-tenant data protection layer
  • Multiple levels of firewalls, policy layers for network and data protection
  • DDOS protection, 7/24 DDOS support by AWS
  • Excessive logging and monitoring for vulnerabilities and intrusion detection
  • Automated configuration assessment
  • Changes and deployments are automated and reviewed
  • Penetration testing & 3rd Party Pentest

Compliance

SOC logo
Opsgenie SOC2 Type I
CSA logo
Cloud Security Alliance STAR Questionnaire

Resources

AWS Cloud Provider

AWS Cloud Security

AWS Shared Responsibility Model

AWS Compliance Programs

AWS Security Whitepaper

Opsgenie

Cloud Security Alliance STAR Questionnaire

Atlassian Security Practices

Public Bug Bounty Program

Opsgenie Terms of Service

Opsgenie Privacy Policy

We rapidly investigate all reported security issues

If you believe you’ve discovered a bug in Opsgenie’s security, please get in touch with us at security@opsgenie.com. We will respond as quickly as possible to your report. We request that you do not publicly disclose the issue until it has been addressed by Opsgenie