Trust is the basis of everything we do.

Companies rely on Riverbed to:

  • Transform IT data into actionable insights so they can deliver seamless, secure digital experiences; and
  • Provide fast, agile, secure acceleration of any app, over any network, to users wherever they are.

How We Protect Your Business

Overview
Security
Privacy
Compliance
Reliability

Four Pillars of Trust

Riverbed leverages a “Four Pillars” approach to deliver secure and dependable products and services.

Security

Riverbed is continually refining its security strategy and framework to reflect our organization’s specific security risks. Maintaining a robust security-first culture is key to protecting the integrity of our products and services, inspiring customer confidence, and furthering our business relationships.

 

 

Privacy

Riverbed knows that customers care about how personal data is used and shared, and Riverbed takes privacy very seriously. Riverbed’s privacy and risk management framework is designed to meet Riverbed’s obligations under applicable global privacy laws , including the General Data Protection Regulation (GDPR).

 

 

Compliance

Riverbed undergoes third-party audits and obtains product certifications to provide our customers with independent, third-party assurances.

 

 

Reliability

Riverbed designs our Cloud Service offerings to deliver secure, highly available solutions, 24×7, around the world. Riverbed Support offers 24x7x365 issue resolution, a global logistics network, and robust online resources for all products.

Security

Riverbed’s security strategy and framework leverages industry standard best practices and standards. Our security program is led by Riverbed’s Chief Information Officer (“CISO”) with the involvement of key cross-functional stakeholders to enable a holistic approach to security management. Key features of Riverbed’s security program include:

 

Security Policies

Riverbed maintains a comprehensive set of security policies. More information regarding the security requirements and measures used to establish and enforce Riverbed’s corporate security program can be found here.

 

 

Security Measures

The technical and organizational measures built into specific offerings can be found here.

 

 

Security Training & Awareness

All Riverbed personnel are required to undergo annual security training and participate in ongoing security awareness initiatives.

 

 

Data Center Security

Riverbed does not operate any of its own data centers. We leverage industry-leading third- party cloud infrastructure providers and requires all such providers to have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks.

 

 

Testing & Verification

Engineering teams regularly review our code, infrastructure, and supporting systems to ensure we have the correct people, processes, and controls to protect product development and customer data.

 

 

Security Incident Response

Our security incident response team acts promptly to respond, investigate, and remediate security issues when they are detected..

Privacy

Riverbed knows that customers care about how your personal data is used and shared, and Riverbed takes privacy very seriously. The Privacy page of Riverbed’s Trust Center provides a centralized source of information about Riverbed’s privacy practices.

 

Privacy Resources

When Riverbed Acts as a Controller
  • Riverbed’s General Privacy Policy applies to personal data collected through Riverbed’s websites, feedback, and surveys, the sales and contracting process, and both online and offline sales and marketing activities.
  • Riverbed’s CCPA Notice supplements Riverbed’s General Privacy Policy and describes the rights of California residents under the California Consumer Privacy Act of 2018 (“CCPA”).
  • The EU Applicant and Candidate Privacy Policy applies to Riverbed’s collection and processing of personal data relating to EU job applicants and candidates during the application and recruitment process.
  • The California Applicant Policy applies to Riverbed job applicants and candidates who are residents of California.
When Riverbed Acts as a Processor
  • Riverbed offers a Data Processing Addendum (“DPA”) that sets out the legal framework under which Riverbed processes personal data. Riverbed’s DPA includes key GDPR-related assurances and incorporates the Standard Contractual Clauses approved by the European Commission to address the transfer of personal data outside of the EEA.
  • Riverbed’s Data Transfer Impact Assessment Guide assists customers in conducting data transfer impact assessments.
  • Riverbed performs due diligence reviews to assess the privacy and security practices of our subprocessors, who are required to enter into appropriate security, confidentiality and privacy contract terms based on the risks presented by the assessment, including data processing terms as required by applicable law. A list of Riverbed’s current subprocessors can be found here.
  • Additional documentation consisting of “Privacy Data Sheets” and “Processing Details” describing Riverbed’s processing of personal data for specific products and services can be found here.

We value the trust you place in Riverbed. We are committed to providing our customers and partners with secure solutions utilizing state of the art technologies to safeguard your information.

 

Riverbed’s security framework is governed by ISO/IEC 27001:2013 Information Security Standard. Riverbed has achieved internationally recognized ISO/IEC 27001:2013 certification. In addition, a subset of Riverbed solutions has also undergone Statement on Standards for Attestation Engagements (SSAE) 18 System and Organization Controls (SOC) audits. To maintain these certifications, Riverbed undergoes comprehensive annual audits from an independent third-party assessment organization. These security assessors verify Riverbed’s compliance in over 140 security and data protection areas within 14 different security categories including access control, incident response, security training, system integrity, identification and authentication, contingency planning, etc.

 

ISO 27001:2013

Established by the International Organization for Standardization (ISO), the prestigious and internationally recognized ISO 27001 standard requires the certification of an organization’s information security management controls for areas such as data security and business continuity. Riverbed’s information security management system (ISMS) has been inspected and certified by Coalfire, an accredited certifying body. The Riverbed solutions that are ISO-certified include Riverbed IQ and Riverbed Aternity Digital Experience Management Platform, including End User Experience Management (EUEM) and Application Performance Management (APM).

 

Riverbed’s ISO 27001 certificate is  available here.

 

SSAE-18 SOC 2 Type II and SOC 3

Riverbed publishes a Service Organization Controls 3 (SOC 3) report for the Riverbed IQ and Riverbed Aternity Digital Experience Management Platforms. This SOC 3 report is a publicly available summary of the detailed SOC 2 Type II report.  The SOC 3 report provides assurance that Riverbed’s internal controls have been verified to achieve the AICPA’s Trust Services Criteria for data security and availability.

 

The detailed SOC 2 Type II report may be requested from your account executive.

 

Click here for the Riverbed IQ and Riverbed Aternity SOC 3 report.

 

Australia IRAP

 

The Infosec Registered Assessors Program (IRAP) provides a comprehensive process for the independent assessment of a system’s security against the Australian Government Information Security Manual (ISM) requirements. The IRAP goal is to maximize the security of Australian federal, state, and local government data by focusing on the information and communications technology (ICT) infrastructure intended for data storage, processing, and communication.

 

In May 2024, CyberCX, a third-party assessor, completed the Cloud Security Assessment of the Australian regions for the Riverbed Aternity EUEM Cloud Service. The assessment was conducted in-line with the Australian Cyber Security Centre’s (ACSC) Cloud Security Assessment and Authorisation Framework, Phase 1. The assessment was conducted using the Australian Government Information Security Manual (ISM) March 2024 version. The Aternity EUEM Cloud Service was assessed at the PROTECTED information classification level. A copy of the assessment may be requested from your account executive.

 

Penetration Test Summary

Riverbed also contracts with Coalfire, an industry-leading penetration testing firm, to perform rigorous security testing of its Riverbed IQ and Riverbed Aternity solutions. A copy of the most recent penetration test may be requested from your account executive.

Reliability

Available SLAs

Riverbed publishes service level agreements (“SLAs”) for its cloud services here.

 

Support

Riverbed provides 24×7 follow-the-sun support for its products as described here.

 

Business Continuity

Riverbed’s Business Continuity Planning (“BCP”) Statement can be found here.

selected img