Security & Compliance

TigerGraph is constantly expanding its security and compliance initiatives to support our customers’ requirements. Compliance items that have been audited by a third party are marked with an asterisk (*). These reports are available to organizations that have Non-Disclosure Agreements with TigerGraph.

NIST Cybersecurity Framework

TigerGraph has adopted the National Institute of Standards and Technology Cybersecurity Framework as its core compliance framework.

SOC 2 Type 2 *
TigerGraph is audited on an annual basis for a report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, and Confidentiality. The scope of this report covers corporate operations, on-premise software, and TigerGraph Cloud. Learn more at https://www.tigergraph.com/soc-2/

HIPAA
TigerGraph has implemented processes, controls, and product features to support compliance with the Health Insurance Portability and Accountability Act. TigerGraph is in the process of having these controls audited by a third party. A SOC 2 Type 2 + HIPAA report should be available by Q3 of 2024.

PCI DSS – On-premise

TigerGraph has implemented processes, controls, and product features to support compliance with the Payment Card Industry’s Data Security Standard. An attestation of a PCI DSS report is available upon request.

PCI DSS – TigerGraph Cloud
TigerGraph has implemented processes, controls, and product features to support compliance with the Payment Card Industry’s Data Security Standard. TigerGraph has scheduled a third-party audit of these controls for its TigerGraph Cloud product. An attestation of a PCI DSS report is planned for availability by Q4 of 2022.

Privacy
TigerGraph has designed its privacy practices for compliance with the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).

OWASP
TigerGraph’s development teams are trained on an annual basis in secure application development practices. TigerGraph’s Security and Compliance Team uses the OWASP Top 10 and the OWASP Application Security Verification Standard (ASVS) to assess its applications.

Application Security

TigerGraph’s products have the following features:
  • TLS 1.2 and 1.3 Encryption in transit
  • AES 256 Encryption at Rest
  • Role-Based Access Control
  • SAML 2.0 SSO
  • LDAP
  • Backup and restore
  • User Auditing
  • Vulnerability Management

    TigerGraph follows a Secure Development Life Cycle (SDLC). This includes a combination of DAST and SAST tools to find vulnerabilities. TigerGraph’s Security and Compliance Team manually penetration tests its applications on a weekly basis.

    On an annual basis, TigerGraph has a third party conduct penetration tests and hosts a bug bounty.

    Additionally, TigerGraph encourages independent security researchers to submit vulnerability information on our Bug Submission Page. At this time, TigerGraph does not pay researchers for findings outside of its annual bug bounty.