Trust Center
Contact Us
Subscribe to updates

Security at NinjaOne

Security is built into the fabric of our products, team, infrastructure, and processes, so you can be rest assured your data is safeguarded.

[email protected] | Privacy Policy | EULA | DPA

FAQ

What types of PII data are stored in NinjaOne?

NinjaOne does not typically process personal and/or sensitive data, please refer to our DPA for more details. The solution collects computer information (e.g., computer name, hardware type, local IP address, file structures, etc.).

Does NinjaOne have written policies, procedures and/or processes in place to ensure the proper management and supervision of staff for the preparation, review, execution of your operations?

Yes

Is NinjaOne GDPR compliant?

Yes

Does NinjaOne have a documented Information Security Policy?

Yes

Does NinjaOne have a formal Incident Response Plan?

Yes

Does NinjaOne have a Disaster Recovery Plan (DRP) in place?

Yes, see SOC 2 page 14.

Does NinjaOne process or store Credit Card information?

No

Does NinjaOne carry insurance?

NinjaOne can provide insurance information to prospective customers under an NDA.

Does NinjaOne require multi-factor authentication on all enterprise applications and production systems?

Yes

Is an Non-disclosure agreement (NDA) required to receive NinjaOne’s SOC 2 Report?

Yes, an NDA is required to review NinjaOne’s SOC 2 report.

Does NinjaOne have a documented Change Management Policy?

Yes

Does NinjaOne have a documented Business Continuity Plan (BCP)?

Yes

Does NinjaOne have an anti-virus/malware programs installed on all systems?

Yes

Does NinjaOne process Protected Health Information (PHI) or any data covered by the Health Insurance Portability and Accountability Act (HIPAA) Act?

Typically, No. However, on a case by case basis, NinjaOne may enter into a Business Associate Agreement with a customer.

Have there been any security incidents in last 12 months?

No

Are all your systems and software supported with the latest security patches installed?

Yes

What are NinjaOne service levels that they commit to?

Depending on contractual agreements with customers NinjaOne offers the following service levels:

  • Availability of service (application up-time): Depending on agreement with specific customer, NinjaOne guarantees tiered service levels up to 99.9% availability.
  • Response to service requests: Depending on agreement with specific customer, NinjaOne provides response times depending on severity of request: Sev 1: 1 hour, Sev 2: 4 hours, Sev 3: 1 day, Sev 4: 2 days

Does NinjaOne have a patch management process?

Yes

Does NinjaOne maintain up-to-date versions of anti-virus software, anti-malware, antispyware, and operating systems security patches?

Yes

Does NinjaOne encrypt data with its environment?

Yes

Are controls validated by independent, third party auditors or information security professionals?

Yes

Is NinjaOne FedRAMP compliant?

Yes, please contact your account executive for more details. Additionally, please refer to FedRAMP Marketplace – https://marketplace.fedramp.gov/products/FR2430847803