The Trust Center
Trust is the basis of everything we do.
Companies rely on Riverbed to:
- Transform IT data into actionable insights so they can deliver seamless, secure digital experiences; and
- Provide fast, agile, secure acceleration of any app, over any network, to users wherever they are.
How We Protect Your Business
Four Pillars of Trust
Riverbed leverages a “Four Pillars” approach to deliver secure and dependable products and services.
Security
Riverbed is continually refining its security strategy and framework to reflect our organization’s specific security risks. Maintaining a robust security-first culture is key to protecting the integrity of our products and services, inspiring customer confidence, and furthering our business relationships.
Privacy
Riverbed knows that customers care about how personal data is used and shared, and Riverbed takes privacy very seriously. Riverbed’s privacy and risk management framework is designed to meet Riverbed’s obligations under applicable global privacy laws , including the General Data Protection Regulation (GDPR).
Compliance
Riverbed undergoes third-party audits and obtains product certifications to provide our customers with independent, third-party assurances.
Reliability
Riverbed designs our Cloud Service offerings to deliver secure, highly available solutions, 24×7, around the world. Riverbed Support offers 24x7x365 issue resolution, a global logistics network, and robust online resources for all products.
Security
Riverbed’s security strategy and framework leverages industry standard best practices and standards. Our security program is led by Riverbed’s Chief Information Officer (“CISO”) with the involvement of key cross-functional stakeholders to enable a holistic approach to security management. Key features of Riverbed’s security program include:
Security Policies
Riverbed maintains a comprehensive set of security policies. More information regarding the security requirements and measures used to establish and enforce Riverbed’s corporate security program can be found here.
Security Measures
The technical and organizational measures built into specific offerings can be found here.
Security Training & Awareness
All Riverbed personnel are required to undergo annual security training and participate in ongoing security awareness initiatives.
Data Center Security
Riverbed does not operate any of its own data centers. We leverage industry-leading third- party cloud infrastructure providers and requires all such providers to have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks.
Testing & Verification
Engineering teams regularly review our code, infrastructure, and supporting systems to ensure we have the correct people, processes, and controls to protect product development and customer data.
Security Incident Response
Our security incident response team acts promptly to respond, investigate, and remediate security issues when they are detected..
Privacy
Riverbed knows that customers care about how your personal data is used and shared, and Riverbed takes privacy very seriously. The Privacy page of Riverbed’s Trust Center provides a centralized source of information about Riverbed’s privacy practices.
Privacy Resources
When Riverbed Acts as a Controller
- Riverbed’s General Privacy Policy applies to personal data collected through Riverbed’s websites, feedback, and surveys, the sales and contracting process, and both online and offline sales and marketing activities.
- Riverbed’s CCPA Notice supplements Riverbed’s General Privacy Policy and describes the rights of California residents under the California Consumer Privacy Act of 2018 (“CCPA”).
- The EU Applicant and Candidate Privacy Policy applies to Riverbed’s collection and processing of personal data relating to EU job applicants and candidates during the application and recruitment process.
- The California Applicant Policy applies to Riverbed job applicants and candidates who are residents of California.
When Riverbed Acts as a Processor
- Riverbed offers a Data Processing Addendum (“DPA”) that sets out the legal framework under which Riverbed processes personal data. Riverbed’s DPA includes key GDPR-related assurances and incorporates the Standard Contractual Clauses approved by the European Commission to address the transfer of personal data outside of the EEA.
- Riverbed’s Data Transfer Impact Assessment Guide assists customers in conducting data transfer impact assessments.
- Riverbed performs due diligence reviews to assess the privacy and security practices of our subprocessors, who are required to enter into appropriate security, confidentiality and privacy contract terms based on the risks presented by the assessment, including data processing terms as required by applicable law. A list of Riverbed’s current subprocessors can be found here.
- Additional documentation consisting of “Privacy Data Sheets” and “Processing Details” describing Riverbed’s processing of personal data for specific products and services can be found here.
We value the trust you place in Riverbed. We are committed to providing our customers and partners with secure solutions utilizing state of the art technologies to safeguard your information.
Riverbed’s security framework is governed by ISO/IEC 27001:2013 Information Security Standard. Riverbed has achieved internationally recognized ISO/IEC 27001:2013 certification. In addition, a subset of Riverbed solutions has also undergone Statement on Standards for Attestation Engagements (SSAE) 18 System and Organization Controls (SOC) audits. To maintain these certifications, Riverbed undergoes comprehensive annual audits from an independent third-party assessment organization. These security assessors verify Riverbed’s compliance in over 140 security and data protection areas within 14 different security categories including access control, incident response, security training, system integrity, identification and authentication, contingency planning, etc.
ISO 27001:2013
Established by the International Organization for Standardization (ISO), the prestigious and internationally recognized ISO 27001 standard requires the certification of an organization’s information security management controls for areas such as data security and business continuity. Riverbed’s information security management system (ISMS) has been inspected and certified by Coalfire, an accredited certifying body. The Riverbed solutions that are ISO-certified include Alluvio IQ and Alluvio Aternity Digital Experience Management platform, including End User Experience Management (EUEM) and Application Performance Management (APM).
Riverbed’s ISO 27001 certificate is available here.
SSAE-18 SOC 2 Type II and SOC 3
Riverbed publishes Service Organization Controls 3 (SOC 3) reports for Alluvio IQ and Alluvio Aternity Digital Experience Management platform. These SOC 3 reports are publicly available summary of the detailed SOC 2 Type II reports. The SOC 3 reports provide assurance that Riverbed’s internal controls have been verified to achieve the AICPA’s Trust Services Criteria for data security and availability.
The detailed SOC 2 Type II reports may be requested from your account executive.
Click here for Alluvio IQ SOC 3 report.
Click here for Alluvio Aternity SOC 3 report.
Penetration Test Summary
Riverbed also contracts with Coalfire, an industry-leading penetration testing firm, to perform rigorous security testing of its Alluvio IQ and Alluvio Aternity solutions. A copy of the most recent penetration test may be requested from your account executive.
