Security & Compliance
TigerGraph is constantly expanding its security and compliance initiatives to support our customers’ requirements. Compliance items that have been audited by a third party are marked with an asterisk (*). These reports are available to organizations that have Non-Disclosure Agreements with TigerGraph.
NIST Cybersecurity Framework
TigerGraph has adopted the National Institute of Standards and Technology Cybersecurity Framework as its core compliance framework.
SOC 2 Type 2 *
TigerGraph is audited on an annual basis for a report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, and Confidentiality. The scope of this report covers corporate operations, on-premise software, and TigerGraph Cloud. Learn more at https://www.tigergraph.com/soc-2/
TigerGraph has implemented processes, controls, and product features to support compliance with the Health Insurance Portability and Accountability Act. TigerGraph is in the process of having these controls audited by a third party. A SOC 2 Type 2 + HIPAA report should be available by Q3 of 2022.
PCI DSS – On-premise
TigerGraph has implemented processes, controls, and product features to support compliance with the Payment Card Industry’s Data Security Standard. TigerGraph is in the process of having these controls audited by a third party for its on-premise product. An attestation of a PCI DSS report should be available by Q3 of 2022.
PCI DSS – TigerGraph Cloud
TigerGraph has implemented processes, controls, and product features to support compliance with the Payment Card Industry’s Data Security Standard. TigerGraph has scheduled a third-party audit of these controls for its TigerGraph Cloud product. An attestation of a PCI DSS report is planned for availability by Q4 of 2022.
TigerGraph has designed its privacy practices for compliance with the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).
TigerGraph’s development teams are trained on an annual basis in secure application development practices. TigerGraph’s Security and Compliance Team uses the OWASP Top 10 and the OWASP Application Security Verification Standard (ASVS) to assess its applications.
On an annual basis, TigerGraph has penetration tests conducted by a third party and hosts a bug bounty.
Additionally, TigerGraph encourages independent security researchers to submit vulnerability information on our Bug Submission Page. At this time TigerGraph does not pay researchers for findings outside of its annual bug bounty.