From 3705aa0572867448b241bba90c649fd4441deab9 Mon Sep 17 00:00:00 2001 From: Jim Burger Date: Tue, 14 May 2024 08:18:47 +0930 Subject: [PATCH] Corrected some out of date security information (#2231) * Corrected some out of date information regarding accessing pen. test reports. Corrected some out of date information regarding accessing pen. test reports, including links to our trust centre and additional context regarding our certifications. * Update index.md --------- Co-authored-by: Steve Fenton <99181436+steve-fenton-octopus@users.noreply.github.com> --- src/pages/docs/security/index.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/pages/docs/security/index.md b/src/pages/docs/security/index.md index 3c0ac6ccaf..495893223a 100644 --- a/src/pages/docs/security/index.md +++ b/src/pages/docs/security/index.md @@ -1,7 +1,7 @@ --- layout: src/layouts/Default.astro pubDate: 2023-01-01 -modDate: 2023-01-01 +modDate: 2024-04-16 title: Security navTitle: Overview navSection: Security 
@@ -13,10 +13,11 @@ We pride ourselves on making Octopus Deploy a secure product. The security and i This section provides information about the responsibility we take to provide a secure software product, and considerations for you as the host and administrator of your Octopus Deploy installation. -Every year Octopus undergoes a security review conducted by a third-party company. The latest reports can be downloaded: -- [cloud-security-review-2022.pdf](https://octopus.com/documents/cloud-security-review-executive-report-2022.pdf) -- [octopus-security-review-2022.pdf](https://octopus.com/documents/octopus-security-review-executive-report-2022.pdf) +## Our Certifications +Octopus Deploy is compliant with cybersecurity standards such as ISO27001 & SOC II. Every year Octopus undergoes a security review conducted by a third-party company. We also run several public bug bounty programs to encourage the security community to help us keep our customers safer. We are an active member of MITRE through its CVE program as a CNA, meaning that we're responsible for disclosing any vulnerabilities in our product to allow customers security teams to make informed decisions. + +A comprehensive overview of our security controls is available in our [Trust Centre](https://trust.octopus.com) where it is possible to request access to our certifications and penetration test reports, as well as other supporting documents and policies. We often hear from customers who want to know more about our security posture. We've performed a [self assessment against various industry-standard controls](/docs/security/caiq). Feel free to use this in any vendor assessments you need to perform.
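Review bot: In the front-matter hunk of src/pages/docs/security/index.md, `modDate` is set to 2024-04-16, but the patch header is dated 14 May 2024 and the commit message lists a follow-up "Update index.md" change. If `modDate` is meant to record when the page content last changed, set it to the date of the final edit so readers can tell how current the security information is.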
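Review bot: The added "Our Certifications" paragraph in the second hunk says Octopus Deploy is "compliant with cybersecurity standards such as ISO27001 & SOC II", which is weaker and vaguer than the heading promises. Name the exact certifications and attestations held rather than "such as", and use the usual spellings "ISO/IEC 27001" and "SOC 2" so vendor-assessment readers can match them against the Trust Centre documents. Smaller points in the same paragraph: "customers security teams" needs the possessive ("customers' security teams"), "CNA" should be expanded on first use, and the `## Our Certifications` heading should be followed by a blank line before the paragraph text.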