SolarWinds Trust Center

SolarWinds follows a defined software development methodology designed to increase the resiliency and security of our products. This process follows U.S. federal guidelines for secure software development as described in the National Institute of Standards & Technology Secure Software Development Framework (SSDF). Additionally, we follow guidelines described in the Enduring Security Framework (ESF) and the Executive Order on Improving the Nation’s Cybersecurity (EO 14028).

• We have formed a cross-functional team of experts to review these guidelines and adjust our processes as required
• We conducted a thorough gap analysis of our development process against the controls recommended in the SSDF
• We identified which controls we met or did not meet
• We then adjusted our processes to meet the unmet controls, or developed alternate secure processes
• A detailed description of this process and our findings can be found ⁠here

We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security processes, procedures, and standards designed to protect the confidentiality and security of our customer data.

Third-party vendors are used to provide SolarWinds with various goods and services to help facilitate its business. Before entering any third-party relationships, we take deliberate steps to assess the risk related to the vendor relationship. We take care to understand the compliance, reputational, strategic, operational, and transactional risks relating to a particular vendor before entering into a contractual relationship.

We are committed to protecting the privacy of visitors to the SolarWinds website(s), individuals who register to use the products and services, individuals who register to attend our corporate or other events, and business partners.

ISO/IEC 27001 is a specification for an information security management system (ISMS), which is a framework for an organization's information risk management processes.

This certification covers all our products, major locations supporting the development, maintenance, operations, support, and services in the following locations:

• Austin, Texas
• Charlotte, North Carolina
• Reston, Virginia
• Brno, Czech Republic
• Cork, Ireland
• Krakow, Poland
• Taguig City, Philippines
• Netanya, Israel,
• Bengaluru, India

To verify certification status please click on the following link:

https://www.schellman.com/certificate-directory?certificateNumber=1985896-2

System and Organization Controls (SOC 2) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a cloud service.

We currently offer SOC2/Type 2 reports for:

• SolarWinds® AppOptics™
• SolarWinds Pingdom®
• SolarWinds Loggly®
• SolarWinds Database Performance Monitor
• SolarWinds Service Desk

We currently offer SOC2/Type 1 report for:

• SolarWinds Observability

To request a specific certification for an audit, please click here and complete the form.

We have made information security and data privacy foundational principles of everything we do, and we recognize the importance of passing regulations to advance information security and data privacy for citizens of the EU and elsewhere in the world. By designing products with privacy and security in mind, we are able to provide you with products that help you meet various aspects of these compliance regimes and to support you in creating a more secure environment.

The Federal government is an important customer to SolarWinds, and we’re committed to meeting your product certification needs. You can learn more here: