Pigment complies with the requirements of SOC 1 Type 2, SOC 2 Type 2, CSA STAR 1, GDPR and CCPA. This means we provide enterprise-level protection and a secure service that aligns with AICPA SOC standards.
This also ensures that our customers can operate Pigment in line with privacy regulations and their own internal security standards. Moreover, our customers can operate Pigment in compliance with the relevant provisions of the Sarbanes-Oxley (SOX) Act.
Pigment features a powerful access control mechanism that allows its users to control who can access the data on a record-by-record basis for read and write operations.
Access to specific capabilities can also be assigned to users or groups of users based on their roles.
Integration with all identity providers on the market, such as Okta, Azure Active Directory (now called Entra), Auth0, Google Identity, Jumpcloud, etc., can be achieved thanks to support for SAMLv2 single sign-on, and support for Google’s social login offers an additional turnkey single sign-on option.
Pigment also supports multi-factor authentication (MFA) to further secure access to the platform.
Finally, automatic user provisioning is made possible by SCIM, which ensures that users' access to Pigment stays in sync with your identity provider when a user is onboarded or offboarded in your organization.
All of Pigment’s data is encrypted at all times.
Pigment implements and maintains the latest standards in cryptography, such as TLS 1.3, HSTS preloading, and short-lived certificates. Older versions of encryption protocols are disabled, which prevents the use of outdated ciphers.
All data at rest, including databases and backups, is encrypted using AES-256 or equivalent state-of-the-art encryption.
Pigment offers group-based role assignment, allowing you to map groups of users to permission sets across your entire Workspace.
Groups make it easy to assign, track, and maintain users' roles across the entire Workspace from a centralized location, without writing any code or formulas.
Pigment runs a security assurance program that includes penetration testing, phishing simulations, bug bounty programs, internal and third-party audits, systematic reviews of projects and code commits, and vulnerability scanning of the application, system images and third-party libraries.
This provides reasonable assurance that potential vulnerabilities are caught before they can be exploited.
Your data availability is a top priority. All Pigment customers benefit from daily backups of their data and our snapshot feature, which provides you with the ability to create an immutable copy of your application at a specific point in time.
Complementing this, Pigment’s investment in availability is backed by both disaster recovery and business continuity plans, which are aligned with SOC 2 and are tested at least annually in live exercises.
Pigment's RTO is 6 hours and RPO is 24 hours, focusing on efficient recovery and minimal data loss during disruptions.
Pigment’s incident response framework is SOC 2 Type 2 aligned and is designed to swiftly identify and mitigate threats, minimizing the impact on your operations. A 24/7 staffed SOC, incident response and advanced monitoring are in place, enabling quick detection and resolution of any security incidents.
Incident response tests are performed at least annually, in live exercises where possible.
In line with GDPR requirements, Pigment notifies customers without undue delay from discovery of an incident impacting the security of their users or the confidentiality of their data.
Pigment’s Audit Trail features give you enhanced oversight of your implementation. With the Audit Trail API, you can ingest login, administration, security and application events into your SIEM for further monitoring and analysis, integrating Pigment with your centralized monitoring and alerting systems.
Within Pigment, each of your applications has a detailed history down to the data block level, offering full visibility into the edits made to your data models.