Testmo uses Amazon AWS cloud services. Learn more about Amazon's compliance, such as:
Testmo uses Microsoft Azure cloud services. Learn more about Azure's compliance, such as:
Yes, Testmo operates a security incident response program following industry best practices. We work closely with security researches and developers to identity and resolve security vulnerabilities.
You can report any findings, notify us about security concerns and disclose issues. To get in touch with our security team and to learn more, please see our incident response program.
Testmo's main application cloud services are hosted with Amazon AWS in the US east region across multiple availability zones.
Additionally, as part of our business continuity plans, we use Microsoft Azure for some cloud services.
Our goal is to provide a high average uptime for all our services. We have designed our infrastructure to be resilient to outages of individual systems and monitor all systems 24/7. We publish our current and past system uptimes and service status.
Testmo uses strong encryption with industry standard encryption algorithms and protocols. For example, we protect data moving through public networks with protocols such as HTTPS/TLS. We also use strong AES encryption for backup files. Amazon AWS features to encrypt data stored at rest are enabled.
We do not run our own data centers or servers and Testmo itself does not hold certifications as of now. We follow security and data protection industry best practices to develop our software products.
We use data centers from Amazon AWS and Microsoft Azure, which maintain various certifications including SOC, ISO, PCI DSS and FedRamp compliance.
Testmo is used to manage software testing activities. Customers store test cases, test data and test results in Testmo. We ask customers not to upload, store and submit production data, personally identifiable information (PII) or other non-testing data to Testmo. You can also learn more in our Terms of Service and Privacy Policy.
We ask you to contact us before running any vulnerability scans or penetration tests. Running such tests against your account or production Testmo instance can lead to automatic rate limiting, account suspension or other counter measures by us or our cloud providers.
We can also provide vulnerability scan results by independent third parties on request, so you do not necessarily need to run your own tests.
Yes, as part of Testmo's Enterprise edition, users can enable two-factor authentication. Additionally, administrators can enforce two-factor authentication for all users. Testmo uses the standard TOTP protocol and supports common authentication apps such as Google Authenticator.
Testmo's Enterprise edition also supports SAML authentication with identity providers (IdP) such as Google Workspace, Azure Active Directory, Okta, OneLogin and other custom services. You can learn more in our documentation.
You can learn more about what data we collect and how we use and process data in our Privacy Policy.
Testmo is used to manage software testing activities. Therefore only test data should be stored and submitted to Testmo. Production data or personally identifiable information (PII) should not be stored in Testmo, which makes it easier for you to be GDPR compliant.
Additionally, Testmo implements important product features such as removing user names/emails (Forget User feature) to help you stay compliant.
Testmo's DPA along with jurisdiction-specific terms and data processing terms are posted on our legal page here: https://www.testmo.com/legal.
Customers can generate data exports from active Testmo accounts. Exports can be generated from Testmo under Admin → Exports. You can learn more about data exports and the data format in our documentation.
We can provide vulnerability scan results by independent third parties on request, so you do not necessarily need to run your own tests. Please just contact us to request these details.
Similar to other major modern services, Testmo is a cloud web application. This way we can better optimize the performance, security, scalability and user experience. We do not offer an on-premise server edition at this time.
It would be cost-prohibitive to complete lengthy custom security questionnaires, vendor assessment forms or cloud security surveys for each individual account. Instead, we can provide an industry-standard CAIQ-Lite questionnaire with common security questions on request. Simply contact us to receive the document.