Dear colleagues, I got interesting security questions from a client. Could you help? Here they are: 1. In the event of a request under the Patriot Act via the US office would Anaplan hand over the data to the US authorities? 2. What systems and processes are in place to ensure no one except the client's personnel can see or touch the client's data? Thank you for your help! Larissa
1) Data centres are in the US, Anaplan is a US based company, so yes Patriot Act does apply. Therefore, in theory, the US Govt does have the ability to request access to data, but in reality it will only want to access information that may help prevent terrorist attacks on their sovereign soil. So operational or financial models should be out of scope.
2) Users have single entry point via login screen so as long as they secure their passwords then the models will only be accessed by authorised users. The Anaplan cloud environment has some shared resources such as routers, switches, and SAN. Multi- tenant customers also share server/application space but data is held separately. Anaplan also has regular penetration testing by an external security firm... so the data is safe and the platform can be trusted.
Hope this helps with your client