Trust is the cornerstone of any successful partnership, which is why we provide every customer a reliable and secure SaaS offering. And since we believe trust also requires transparency, this page gives you an overview of how we protect your data and ensure compliance and system availability.
Your organization relies on access the availability of our software which thrives us to do everything in our power to ensure all systems are up and running at all times.
Security & Compliance
We are ISO27001, SOC 2 and Cyber Essentials Plus certified, compliant with GDPR and have several measures in place to ensure security.
The LeanIX platform promotes continuous transformation and enables Corporate IT and Product IT teams to establish superior governance while efficiently organizing, planning, and managing IT landscapes.
You rely on us delivering the best and most reliable SaaS, which is why we build on modern technologies, best-in-class processes and transparency to ensure the availability of our solution.
An important part of ensuring availability is building a reliable foundation. For this reason, we decided to implement our software on the basis of a Microservices Architecture. Also, we make use of state-of-the-art technologies such as GraphQL to offer a graph-based API, and we aim to have a reasonable and maintainable tech stack, which can be viewed e.g. on stackshare.io.
Our software is divided into multiple component services (Microservices) to quickly and accurately repair or update bits and parts of the product without compromising the integrity of the application.
With our state-of-the-art graph-based API (leveraging GraphQL developed by Facebook), we provide an excellent way to request exactly what you need, improving response times.
We're built ourselves on a modern technology stack and are happy to share it. Learn more on https://stackshare.io/leanix
We use different systems and mechanisms to monitor the performance as well as the availability and response-times of our LeanIX solution. In case of incidents, we have a dedicated on-call-engineer who is available 24/7 to solve the incident.
We make the availability and response-times of our software publicly available to you via
Using solutions like Pingdom and Instana, we constantly monitor LeanIX’s performance to stay aware of issues.
Similar to a nurse in a hospital, our on-call engineer is always available to fix critical issues to ensure a speedy resolution.
LeanIX is built for scale, and if you're looking for an enterprise-ready role and rights management system, we’ve got you covered. We also allow customers to manage users from a single, central directory using either the LeanIX Identity Management or any 3rd party SSO Identity Provider.
LeanIX comes with a build in Identity Management and a comprehensive roles and rights model to ensure compliance.
Have a 3rd party SSO Identity Provider in place? Not a problem—LeanIX can easily integrate with all SAML 2.0 compliant providers.
Hosting via Microsoft Azure allows LeanIX to be reached worldwide and guarantees maximum availability.
Data security is our top priority. For this reason, we have introduced several processes and regulations to ensure the security of your data and enable better compliance.
Learn more in our public Information Security Policy.
Security & Compliance
We ensure data protection and are committed to keeping customer information safe and secure. We are ISO 27001, SOC 2 and Cyber Essentials Plus certified. Also, we have robust password policies in place and ensure data encryption. And by following the Principle of Least Privilege (PoLP) we ensure only necessary privileges are given.
LeanIX is SOC 2 Type 2 certified for its Continuous Transformation Platform by an independent auditor. The SOC 2 report is based on the trust service criteria relevant to Security, Availability, Confidentiality and Privacy.
With ISO 27001 Certification for Information Security Management System, we comply with the highest, industry-leading global security standards.
ISO 27001 Certification for LeanIX GmbH
ISO 27001 Certification for LeanIX Inc
LeanIX is Cyber Essentials Plus certified, as confirmed by an independent auditor. This UK certification provides assurance that a number of key information security controls are in place within an organization.
LeanIX is listed in the Cloud Security Alliance's Security, Trust, Assurance and Risk (STAR) registry. Customers and prospective customers can view our STAR Level 1 entry and access our completed CAIQ here.
LeanIX is a Corporate Member of Cloud Security Alliance (CSA) as a SaaS Solution Provider.
Data is encrypted in transit using TLS 1.2 protocol with strong ECDHE ciphers.
To ensure data security on an employee level, passwords are hashed using a strong bcrypt algorithm. Strong password configurations are enforced in line with global best practices.
We follow the Principle of Least Privilege (PoLP) and employees are given only privileges that are necessary for performing their duties.
Security & Compliance
We believe that security must be part of the foundation, so we rely on secure hosting partners and regular penetration testing. In addition, we have a dedicated security team focused on the highest levels of security and compliance.
Our data center partner Microsoft Azure complies with the highest standards - ISO and SOC certified.
External penetration tests are performed by experts on a regular basis. Internal penetration tests and vulnerability assessment scans are performed by dedicated in-house information security team.
With a dedicated LeanIX Security Team, we ensure data compliance and security and tackle new certifications.
Find links to resources covering relevant information on LeanIX’s Availability, Modern Architecture, Data Security and Compliance.