Product Security Features
  • Single sign-on

  • Strong Password, Password Expiration, and Password History policies

  • Captcha protection for password authentication

  • Ability to revoke all sessions or reset all user passwords

  • API key mandatory for API requests

  • Team-based configuration, schedules, escalations, policies, integrations, alerts, and incidents
  • Team-based integrations only allow access to team-based resources
  • User & team member role support
  • Custom role support for fine-grained access control policies
  • Integration access control policies & API key regeneration support
  • Persistent Alert, Incident, and Team Logs for regulatory compliance
  • Searchable Logs Page containing all activities
  • Integrations and Modify policies shall restrict alert content stored on Opsgenie
  • Read & write is always available via web applications and REST API
  • Static IPs available for whitelisting Opsgenie traffic to your systems, webhook & other integrations
  • Marid as a pub-sub Opsgenie event listener, requires no incoming traffic permissions
Organization Security
  • Strict controls for Opsgenie employees’ access to customer data
  • Information security training and awareness program
  • Security embedded in the Software Development Life Cycle
  • Centralized Endpoint protection
  • Incident management policies & procedures implemented for security breaches
  • Policies & procedures implemented based on ISO 27001 Information Security
  • Shared responsibility model within the organization
  • Each product engineering team focuses on the security of features they crafted
  • Cross-functional team focuses on the application infrastructure security
  • Security & Reliability engineering team focuses on Cloud Infrastructure security
  • Chief Security & Reliability officer focuses on all aspects of security
  • Director of Security focuses on policies & compliance across the company
  • All management members and directors share security responsibility on their teams
Platform Security
  • Shared responsibility model with AWS as Cloud Provider
  • Encryption in transit (TLS 1.2) and at rest (AES-256)
  • Passwords are stored with strong one-way hashing: bcrypt with salt & pepper
  • Stripe for Credit Card Processing, Stripe certified to PCI Service Provider Level 1
  • Always available on multiple regions and availability zones
  • Dedicated multi-tenant data protection layer
  • Multiple levels of firewalls, policy layers for network and data protection
  • DDoS protection, 24/7 DDoS support by AWS
  • Extensive logging and monitoring for vulnerabilities and intrusion detection
  • Automated configuration assessment
  • Changes and deployments are automated and reviewed
  • Penetration testing & 3rd Party Pentest
Compliance
  • AWS Cloud Provider: ISO-9001, ISO-27001, ISO-27017, ISO-27018, SOC-1, SOC-2, SOC-3
  • Opsgenie
Resources
  • AWS Cloud Provider
  • Opsgenie
We rapidly investigate all reported security issues

If you believe you’ve discovered a bug in Opsgenie’s security, please get in touch with us at security@opsgenie.com. We will respond as quickly as possible to your report. We request that you do not publicly disclose the issue until it has been addressed by Opsgenie.