Security is of the utmost importance to Anaplan. All client data supplied to Anaplan is considered confidential data and is handled accordingly. All Anaplan employees are required to sign a security agreement at the commencement of their employment. Details of an Anaplan employee agreement are as follows: In the course of normal business activities many Anaplan staff, both employees and contractors, will come into contact with confidential information belonging to project teams, prospective project teams and partners. Examples of this kind of information include: Sample data provided in the course of discussing and agreeing on requirements Data used when building Proof-of-Concept models Data files for importing Access to Anaplan models by consultants for assisting with model building Access to Anaplan models by development for troubleshooting This document sets out the policy and procedures regarding privacy and security of such information.
All information belonging to project teams, prospects and partners is to be treated as confidential, unless it is known to be available in the public domain (and not as the result of a data breach), or written authorization has been given by the owner of the information to use it otherwise. Information should be shared only on a need-to-know basis. Note: The owner applies to the Client business process owner and is someone who is authorized to give permission. The written permission documentation has to be kept in a central location, such as attached to a Zendesk or JIRA ticket. All Anaplan staff have entered into non-disclosure agreements in the course of their engagement, and information received from project teams, prospects and partners is governed by those agreements. Confidential information is not to be passed on to other staff or to third parties without the express written authorization of the data owner.
Access for Anaplan staff on Client Anaplan models should only be granted as needed, and should be removed as soon as it is no longer required. Anaplan staff unable to remove their accounts from Client systems must remind the Client to do so.
The Anaplan platform includes many features that allow for secure access for users. Users are prevented from accessing each other’s data and information. User stories will be constructed in the planning and requirements phase that will detail the security settings, (called Selective Access), that will need to be configured to allow for the appropriate level of security for users. Follow these guidelines when creating and assigning roles: Restrict workspace administrators as much as possible Review access to all current models for ‘at risk individuals’: both workspace administrators and those who have partial model access Separate sensitive modules in new models or different spaces as necessary If integration with Client security protocols, such as SSO, is required, these will need to be highlighted early in the process and an appropriate Client technical resource supplied for the project.