Version: June, 2024
Alation customers include large global enterprises in financial services, healthcare, insurance, and technology. These companies are subject to rigorous internal and external regulations and information security standards. They are able to continue meeting their security and compliance objectives with Alation as an integral part of their environment—both by applying organization-specific controls and by leveraging the strength of Alation’s product and operational security. On Alation Cloud Service, customers’ data is encrypted and not accessible by Alation’s site engineers.
Alation has made significant investments in security and privacy that meet or exceed industry best practices. We have adopted and are certified for the ISO 27001:2013 framework as a baseline security standard for the entire company and the development and maintenance of our products. Additionally, we have met all controls for SOC 2 on our Alation Cloud Service. Our operational security consists of:
Business Continuity and Disaster Recovery Management
Organizational and Operational Security
Secure System Development Life Cycle
Third-Party Risk Management
People Operations Security
Incident Management
Asset Management
Communications
Access Control
Encryption
Alation employs static code analysis, dynamic code analysis, and vulnerability scanners as part of its development and environment process to discover and address vulnerabilities. Additionally, Alation goes through a penetration test at least twice annually, maintaining risk management that captures business and third-party risk. We review every third party that is introduced into our infrastructure and conduct annual risk assessments against our key third-party partners.
Compliance
FedRAMP Moderate: In Process as of 04/26/2024. Alation continues to pursue full authorization with an expected Authority to Operate (ATO) in early 2025.
ISO 27001:2013 Alation software and hosting through Alation Cloud Service ISO 27001 certified as of January 29, 2020. Alation’s ISO 27001 certification is available here. The update to ISO 27001:2022 is coming soon.
ISO 27701:2019 Alation software and hosting through Alation Cloud Service are ISO 27001 certified as of January 12, 2022. Alation’s ISO 27701 certification is available here.
SOC 2 Type II: Alation maintains an American Institute of CPAs (AICPA) Service Organization Control (SOC) 2 report against Alation Cloud service. Our report is available here.
HIPAA/HITECH: Alation has attained an attestation of compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). Both are included in our SOC 2 report.
Security documents can be requested through your sales representative. Security-related issues can be reported through security@alation.com.