What is Altium 365 GovCloud?
Altium 365 GovCloud is a dedicated region operated by Altium, exclusively managed by U.S. Persons, and located within the AWS GovCloud region in the United States. By choosing Altium 365 GovCloud, customers can guarantee compliance with U.S. government regulations, specifically ITAR and EAR. Refer to Altium 365 GovCloud for detailed information.